0-day And Hitlist Week — -06-12-2024-

Towards the end of the week, researchers identified a sophisticated exploit chain involving modern web browsers. This zero-day allowed attackers to escape the browser sandbox, bridging the gap between a malicious website and the underlying operating system. This signaled a return to "drive-by download" style attacks, where merely visiting a compromised site could compromise a workstation.

These are vulnerabilities discovered in the wild with no official patch available as of this week, or just released within days of this report. 0-day and Hitlist Week -06-12-2024-

Continuing a trend seen throughout early 2024, the week of 06-12-2024 saw a sustained focus on edge infrastructure—specifically VPNs, load balancers, and email security gateways. Threat actors prioritize these devices because they are internet-facing and often lack endpoint detection and response (EDR) agents. Towards the end of the week, researchers identified