Up from 151 in Q4 2024, 159 CVE names were flagged as exploited in the wild in the first quarter of the year.
In a statement shared with The Hacker News, VulnCheck ed that” we continue to see risks being exploited at a quick rate with 28.3 % of threats being exploited within one day of their CVE disclosure.”
Within a day of being made public, this means there are 45 security defects that have been exploited in real-world attacks. Another 45 defects were abused within the course of a year, while another 14 various flaws were exploited within a fortnight.
The cybersecurity firm claims that network edge devices, operating systems, open-source software, and server software have been the most frequently identified vulnerabilities in content management systems ( CMSes ).
The break is as follows:
- Content Management Systems ( CMS ) ( 35 )
- Network Edge Tools ( 29 )
- Operating Systems ( 24 )
- Open Source software ( 14 )
- Server Software ( 14 )
Microsoft Windows ( 15 ), Broadcom VMware ( 6 ), Cyber PowerPanel ( 5 ), Litespeed Technologies ( 4 ), and TOTOLINK Routers ( 4 ) are the top vendors and their products that were exploited during that time.
” On regular, 11.4 KEVs were disclosed regular, and 53 per month,” according to VulnCheck. ” Only 12 of the vulnerabilities identified by CISA KEV demonstrated no prior public evidence of abuse during the quarter, compared to 80 that were added during the quarter.
25.8 % of the 159 vulnerabilities have been identified as awaiting or being examined by the NIST National Vulnerability Database ( NVD), and 3.1 % have been given the new” Deferred” status.
In contrast to the recently released from Verizon for 2025, exploitation of threats as the original access point for data breaches increased by 34 %, accounting for 20 % of all intrusions.
According to data collected by Google-owned Mandiant, exploits were the most frequently observed first disease vectors for the second consecutive season, with stolen credentials coming in second place behind phishing as the second most frequently observed original access vector.
” 33 % of infringements in which an initial infection vectors was identified began with the abuse of a vulnerability,” Mandiant . This is a reduction from 2023, when 38 % of infringements were caused by exploits, but 32 % of those in 2022 were caused by achievements.
Despite attackers ‘ attempts to avoid recognition, soldiers are still able to identify agreements.
An attacker’s time spent on a program from sacrifice to monitoring has been pegged at 11 times, an increase of one day since 2023, according to the global median dwell period.