
In 2024, cybersecurity researchers documented a significant increase in exploited vulnerabilities, with 768 CVEs (Common Vulnerabilities and Exposures) reported as actively exploited, marking a 20% rise from 2023’s 639 cases.
VulnCheck’s analysis revealed that 23.6% of known exploited vulnerabilities (KEVs) were weaponized at or before their public disclosure, a slight decrease from 26.8% in 2023. Notably, only 1% of published CVEs were confirmed as exploited in the wild, though this figure is expected to increase as new exploitation instances are discovered.
The research highlighted the persistent threat from Chinese hacking groups, which account for 15 of the 60 identified threat actors targeting the top 15 vulnerabilities. The Log4j vulnerability (CVE-2021-44228) remained the most targeted, with 31 named threat actors linked to its exploitation and 65,245 hosts potentially vulnerable.
Currently, approximately 400,000 internet-accessible systems remain vulnerable to attacks targeting security flaws in major products from vendors including Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho.
Organizations are advised to:
– Assess exposure to vulnerable technologies
– Enhance risk visibility
– Utilize threat intelligence
– Maintain effective patch management
– Minimize internet-facing exposure of vulnerable devices