Exploitation of Over 700 Vulnerabilities Came to Light in 2024

The number of vulnerabilities first reported as exploited surged last year amid a decrease in zero-day reports.

The number of vulnerabilities publicly reported as exploited in attacks for the first time increased significantly in 2024 compared to the previous year, a fresh VulnCheck report shows.

According to the vulnerability intelligence firm, 768 CVEs were reported as exploited in the wild for the first time last year, up 20% from 2023, when that number reached 639. However, only 1% of all the published CVEs were marked as exploited.

Last year, 23.6% of the known exploited vulnerabilities were “known to be exploited on or before the day their CVEs were publicly disclosed, a slight decrease from 2023’s 27%”, VulnCheck says.

“Despite the buzz around ‘zero-day’ exploitation, these findings indicate that exploitation can happen at any time in a vulnerability’s lifecycle,” VulnCheck notes.

The number of CVEs first reported as exploited in 2024, the firm says, was aggregated from 112 unique sources based on evidence of exploitation, and not all the identified CVEs made it to the Known Exploited Vulnerabilities list of the US cybersecurity agency CISA.

Overall, the number of exploited CVEs could grow, as exploitation is often uncovered long after the vulnerability is publicly disclosed, VulnCheck notes.

Looking at monthly trends, an average of 30 to 50 CVEs were reported as exploited each month last year. Notable spikes occurred when The Shadowserver Foundation was onboarded as a source in January, when end-of-quarter and RSA reports were released, following government threat disclosures, and as a result of coordination with Wordfence to issue CVEs for exploited flaws without an identifier.

“These spikes underscore how industry events and new resources impact reporting volumes on exploitation. We encourage organizations to publicly disclose any instances where there is exploitation activity,” VulnCheck notes.

The cybersecurity firm points out that the 112 unique sources used to gain visibility into the exploited vulnerabilities may not be comprehensive, potentially leading to missing CVEs.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
