Over the past 12 months, Volexity has identified two security incidents in customer environments caused by zero-day exploits: CVE-2023-46805 & CVE-2024-21887 (Ivanti Connect Secure), and CVE-2024-3400 (Palo Alto Networks Global Protect). This talk will explore why security issues affecting edge devices remain a persistent problem, examine common detection approaches used by Volexity to identify such incidents, and outline methods organisations can employ to detect similar incidents within their own environments.