
A new report from VulnCheck reveals a concerning rise in vulnerability exploitation, with 768 CVEs reported as exploited in the wild during 2024, marking a 20% year-over-year increase.
The report, which leverages data from the VulnCheck KEV, a free community resource tracking exploited vulnerabilities, offers valuable insights into the evolving landscape of cyber threats.
VulnCheck tracked a total of 768 vulnerabilities that were confirmed to be actively exploited, compared to 639 in 2023. These findings align with historical trends, suggesting that the number of reported exploits is likely to continue increasing as more incidents come to light over time.
One key finding is the speed at which vulnerabilities are being weaponized. Nearly a quarter (23.6%) of known exploited vulnerabilities (KEVs) were exploited on or before the day their corresponding CVEs were publicly disclosed.

VulnCheck’s analysis further reveals that spikes in CVE reporting often correlate with major industry events, such as the RSA Conference, and the emergence of new data sources, like ShadowServer’s integration into KEV.
A diverse array of organizations plays a crucial role in reporting exploited vulnerabilities. The VulnCheck report highlights 112 unique sources that provided initial evidence of exploitation, including:
- Security firms such as CheckPoint, Aqua Security, Fortinet, and F5.
- Government agencies, including the U.S. Department of Defense (DOD), Cybersecurity and Infrastructure Security Agency (CISA), and the UK’s NHS.
- Non-profits like ShadowServer, which contributed significantly after being onboarded as a tracking source.
- Tech giants such as Microsoft, Google, Apple, Cisco, and Ivanti, which reported vulnerabilities in both their own products and third-party software.
- Social media and blogs, including Infosec Exchange, X (formerly Twitter), LinkedIn, and Medium.
VulnCheck emphasizes that exploitation is not confined to zero-day vulnerabilities, and defenders must remain proactive. “Despite the buzz around ‘zero-day’ exploitation, these findings indicate that exploitation can happen at any time in a vulnerability’s lifecycle,” the report states.