A method may include, in a computing device including a processor, memory, an operating system, and at least one installed application, detecting an attempted exploitation of at least one known vulnerability associated with the device. The attempted exploitation may be logged. At least one remedial action may be performed on the device based on the logged attempted exploitation. The known vulnerability may be associated with the operating system and/or the at least one installed application. The at least one known vulnerability may include one or more of at least one known coding flaw in the operating system or in the at least one installed application, at least one known weakness in a protocol running on the computing device, a known family of coding flaws in the operating system or in the at least one installed application, an unauthorized triggering of premium SMS services, and/or triggering of a hostile misconfiguration.