Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
ID: 721d6425-2e03-509d-ba1c-e842a6e46b10
STIX ID: report--721d6425-2e03-509d-ba1c-e842a6e46b10
Feed Name: Threat Intelligence
GTIG's 2024 zero-day analysis documents extensive exploitation activity: 34 attributed zero-day vulnerabilities (of 75 identified) were observed being actively used by a mix of traditional espionage APTs, PRC- and DPRK-linked actors, commercial surveillance vendors (CSVs), and financially motivated groups (including FIN11 and CIGAR). The report spotlights a WebKit-based cookie-theft chain targeting Macintel users and a fully weaponized Firefox/Tor exploit chain used by CIGAR that includes a sandbox escape and SYSTEM privilege escalation (CVE-2024-9680, CVE-2024-49039). It provides CVEs, IoCs and operational details, and highlights trends such as CSV-supplied exploits and mixed-motive actor behavior.
