For the first time in its publication history of nearly 20 years, Verizon's annual Data Breach Investigations Report (DBIR) is tracking vulnerability exploitation as the leading initial access method for attackers. Stolen credentials had been the #1 method for the entirety of the report's history up to this year.
Unit 42 threat intel division has detected ongoing exploitation of Palo Alto firewalls via patched PAN-OS web interface zero-day vulnerabilities CVE-2024-0012 and CVE-2024-9474.
CISA and the "Five Eyes" national intelligence agencies have issued their annual advisory on the top exploited vulnerabilities for the prior year, and its findings bolster some other recent reports that a successful attack is becoming increasingly likely to be the result of a zero-day.
A new report from Mandiant indicates that 70% of 2023's total of 138 exploited vulnerabilities were zero-days when first used, with the average time-to-exploit (TTE) dropping drastically from 32 days to just five.
A new joint alert from CISA and the FBI seeks to assist private sector software developers in removing XSS vulnerabilities from their products, with a basic overview of best practices aimed primarily at executives and business leaders.
Cybersecurity agencies from the Five Eyes Alliance published the list of the 12 most exploited vulnerabilities of 2022, revealing that hackers prefer older unpatched software bugs, with one dating back to 2018.
CISA directs federal agencies to adhere to the vulnerability management catalog and patch 300 exploited vulnerabilities assigned CVE IDs in 2021 within 2 weeks and 6 months for previous ones.
Joint cybersecurity advisory warned that state and independent hackers continue to leverage commonly exploited vulnerabilities to compromise governments and private organizations.
DHS and FBI published the top 10 most exploited vulnerabilities over the last four years. providing insight into how cybercriminals are taking advantage of well-known software vulnerabilities.









