Tuesday , February 4 2025
2023

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

infosecbulletin 4 minutes ago Vulnerabilities

In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in 2023. VulnCheck called 2024 “a strong year for threat actors exploiting vulnerabilities,” noting that 23.6% of known exploited vulnerabilities (KEVs) were weaponized by or on the day their CVEs were disclosed.

This represents a slight decrease from 2023’s 26.8%, showing that exploitation attempts can occur at any point in a vulnerability’s lifecycle.

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

By infosecbulletin / Tuesday , February 4 2025
In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in...
Read More
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

.Gov Domains Weaponized in Phishing Surge

By infosecbulletin / Monday , February 3 2025
A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to...
Read More
.Gov Domains Weaponized in Phishing Surge

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

By infosecbulletin / Sunday , February 2 2025
The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...
Read More
RedSentry presents Hacked 101 Seminar Successfully Ended at UITS

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...
Read More
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

By infosecbulletin / Sunday , February 2 2025
This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. After its...
Read More
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

Paragon Attack WhatsApp With New Zero-Click Spyware

By infosecbulletin / Sunday , February 2 2025
WhatsApp reveiled on Friday that a "zero-click" spyware attack, linked to the Israeli company Paragon, has targeted many users globally,...
Read More
Paragon Attack WhatsApp With New Zero-Click Spyware

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

By infosecbulletin / Saturday , February 1 2025
At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company's $25 million settlement with Donald...
Read More
Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

Indian tech giant Tata Tech hit by ransomware attack

By infosecbulletin / Saturday , February 1 2025
Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a...
Read More
Indian tech giant Tata Tech hit by ransomware attack

Vulnarabilitties found in Cisco webex and VMware Aria operation

By infosecbulletin / Friday , January 31 2025
A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of...
Read More
Vulnarabilitties found in Cisco webex and VMware Aria operation

Microsoft to boost M365 bounty program rewards Up to $27,000

By infosecbulletin / Friday , January 31 2025
Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for...
Read More
Microsoft to boost M365 bounty program rewards Up to $27,000

“During 2024, 1% of the CVEs published were reported publicly as exploited in the wild,” VulnCheck’s Patrick Garrity said.  “This number is expected to grow as exploitation is often discovered long after a CVE is published.”

The report comes over two months after the company disclosed that 15 of 60 identified Chinese hacking groups are connected to the exploitation of at least one of the top 15 commonly exploited vulnerabilities in 2023.

“Not surprisingly, the Log4j CVE (CVE-2021-44228) is associated with the most threat actors overall, with 31 named threat actors linked to its exploitation,” Garrity noted late last year, adding the company identified 65,245 hosts potentially vulnerable to the flaw.

Approximately 400,000 internet-accessible systems may be vulnerable to attacks due to 15 security flaws in products from companies like Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho.

“Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible,” VulnCheck said.

Check Also

GitHub Desktop

GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin