Exploitation of Over 700 Vulnerabilities Came to Light in 2024

1 day ago 2
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

The number of vulnerabilities publicly reported as exploited in attacks for the first time increased significantly in 2024 compared to the previous year, a fresh VulnCheck report shows.

According to the vulnerability intelligence firm, 768 CVEs were reported as exploited in the wild for the first time last year, up 20% from 2023, when that number reached 639. However, only 1% of all the published CVEs were marked as exploited.

Last year, 23.6% of the known exploited vulnerabilities were “known to be exploited on or before the day their CVEs were publicly disclosed, a slight decrease from 2023’s 27%”, VulnCheck says.

“Despite the buzz around ‘zero-day’ exploitation, these findings indicate that exploitation can happen at any time in a vulnerability’s lifecycle,” VulnCheck notes.

The number of CVEs first reported as exploited in 2024, the firm says, was aggregated from 112 unique sources based on evidence of exploitation, and not all the identified CVEs made it to the Known Exploited Vulnerabilities list of the US cybersecurity agency CISA.

Overall, the number of exploited CVEs could grow, as exploitation is often uncovered long after the vulnerability is publicly disclosed, VulnCheck notes.

Looking at monthly trends, an average of 30 to 50 CVEs were reported as exploited each month last year, with notable spikes when The Shadowserver Foundation was onboarded as a source in January, when end-of-quarter and RSA reports were released, following government threat disclosures, and as a result of coordination with Wordfence to issue CVEs for exploited flaws without an identifier.

“These spikes underscore how industry events and new resources impact reporting volumes on exploitation. We encourage organizations to publicly disclose any instances where there is exploitation activity,” VulnCheck notes.

Advertisement. Scroll to continue reading.

The cybersecurity firm points out that the 112 unique sources used to gain visibility into the exploited vulnerabilities may not be comprehensive, potentially leading to missing CVEs.

Related: New Zyxel Zero-Day Under Attack, No Patch Available

Related: TeamViewer Patches High-Severity Vulnerability in Windows Applications

Related: SonicWall Confirms Exploitation of New SMA Zero-Day

Related: Oracle Patches 200 Vulnerabilities With January 2025 CPU

Read Entire Article