Even though there has been no clear evidence indicating ongoing active exploitation of CVE-2012-4792, the vulnerability, which could enable remote execution of arbitrary code, had been leveraged in watering hole attacks deployed against Capstone Turbine Corporation and the Council on Foreign Relations almost 12 years ago. Meanwhile, attacks leveraging CVE-2024-39891 have been deployed by threat actors looking to identify Authy account-related data before being addressed by Twilio earlier this month.
Source: SC Magazine