2024 Sees 20% Rise in Exploited Vulnerabilities

2025-02-07

Learn about the increasing threat landscape and the importance of proactive vulnerability management to protect against sophisticated exploits.

 

The VulnCheck report for 2024 highlights a 20% increase in exploited vulnerabilities compared to 2023, with 768 CVEs reported as actively exploited. Notably, 23.6% of these vulnerabilities were weaponized by threat actors on or before their public disclosure. The report also links 15 Chinese hacking groups to the exploitation of frequently targeted vulnerabilities, affecting approximately 400,000 internet-accessible systems across various products from companies like Apache, Atlassian, Cisco, and Microsoft.

 

Key Facts

Risks:

Patch Management, Web App/Website Vulnerability, Other: CVE Exploitation

Keywords:

VulnCheck, CVEs 2024, Exploited Vulnerabilities, Threat Actors, Apache, Microsoft, Chinese Hacking Groups

CVE:

N/A

Affected:

Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, Zoho

 

Article Body

Overview of 2024 Vulnerability Exploitation

In 2024, the cybersecurity landscape saw a significant increase in the exploitation of software vulnerabilities. A report by VulnCheck reveals that 768 Common Vulnerabilities and Exposures (CVEs) were actively exploited during the year. This marks a 20% rise from the 639 CVEs exploited in 2023.

Rapid Weaponization of Vulnerabilities

One of the critical insights from the VulnCheck report is the speed at which vulnerabilities are being weaponized. Approximately 23.6% of these exploited vulnerabilities were weaponized by threat actors on or even before their official public disclosure. This trend indicates that attackers are becoming increasingly efficient at turning newly discovered vulnerabilities into tools for exploitation.

Notable Threat Actors

The report highlights the involvement of 15 Chinese hacking groups among the 60 named threat actors that have leveraged at least one of the top 15 routinely exploited vulnerabilities from the previous year. These groups have been linked to numerous attacks, underscoring the persistent threat posed by state-sponsored actors.

Affected Systems and Products

The VulnCheck analysis identified around 400,000 internet-accessible systems as likely targets due to vulnerabilities in products from several major companies. These include widely used products from Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho.

Implications for Security Management

The findings stress the importance of proactive vulnerability management and the need for organizations to stay ahead of potential threats. Companies must prioritize the timely application of security patches and updates to mitigate risks associated with known vulnerabilities.

 

Read More

https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html?m=1