Mandiant researchers found that over 90 zero-day vulnerabilities and more than 40 known vulnerabilities were exploited in the wild.
Vulnerabilities Exploited:
By infosecbulletin
/ Thursday , April 24 2025
SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
By infosecbulletin
/ Thursday , April 24 2025
GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
By infosecbulletin
/ Wednesday , April 23 2025
Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC)...
Read More
By infosecbulletin
/ Tuesday , April 22 2025
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their...
Read More
By infosecbulletin
/ Tuesday , April 22 2025
SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL...
Read More
By infosecbulletin
/ Tuesday , April 22 2025
Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo...
Read More
By infosecbulletin
/ Monday , April 21 2025
ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom's remote control feature to access victims'...
Read More
A comprehensive vulnerability analysis by “Mandiant” for 2023 uncovered “138” actively exploited “security vulnerabilities.”
They identified a significant prevalence of “97 zero-day vulnerabilities” and “41 n-day vulnerabilities” (the latter being exploited following the implementation of their respective patches). (those exploited after patch release).
The key finding was the considerable decrease in “Time-to-Exploit” (“TTE”), which fell to an average of just five days in 2023, compared to “32 days in 2021-2022,” “44 days in 2020-2021,” and “63 days in 2018-2019.”
The ratio of “n-day” to “zero-day” exploits changed to “30:70 in 2023,” down from the earlier ratio of about “38:62,” indicating a marked rise in “zero-day exploitation activities.”
Besides this, for “n-day vulnerabilities” specifically the exploitation timeline showed concerning trends:-
12% (5 vulnerabilities) were exploited within 24 hours of patch release.
29% (12 vulnerabilities) were exploited within a week.
56% were exploited within the first month.
A key case study is “CVE-2023-28121,” a vulnerability in the WooCommerce Payments plugin. This flaw highlighted how the availability of an exploit affected the timing of attacks, which occurred three months after it was disclosed.
Within three days of a weaponized exploit’s release, there were 1.3 million attacks per day.
Oracle Security Update, 334 Vulnerabilities Patched