768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

Feb 03, 2025 | Ravie Lakshmanan | Vulnerability / Network Security

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.

VulnCheck noted that 23.6% of known exploited vulnerabilities (KEV) were known to have been weaponized either on or before the day their CVEs were made public. This year represents “another banner year for threat actors targeting the exploitation of vulnerabilities.”

This marks a small decrease from 2023’s 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability’s lifecycle.

“During 2024, 1% of the CVEs published were reported formally as exploited in the wild,” VulnCheck’s Patrick Garrity said in a statement shared with The Hacker News. This figure is expected to increase, as exploitation is frequently discovered long after a CVE is published.

The report comes more than two weeks after the company revealed that, out of a total of 60 named threat actors, a number have been linked to the abuse of at least one of the top 15 routinely exploited vulnerabilities.

“Not surprisingly, the Log4j CVE (CVE-2021-44228) is associated with the most threat actors overall, with 31 named threat actors linked to its exploitation,” Garrity said late last year, adding the company identified 65,245 hosts potentially vulnerable to the flaw.

In all, there are approximately 400,000 internet-accessible systems likely susceptible to attacks stemming from the exploitation of 15 security flaws in Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho products.

“Companies should evaluate their exposure to these technologies, improve visibility into potential risks, utilize robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing coverage of these devices wherever possible,” VulnCheck said.
