Vulnerability Management

Accelerated vulnerability exploitation examined

Credit: Adobe Stock Images

Credit: Adobe Stock Images

Nearly one-third of security vulnerabilities this year have been exploited prior to detection or within a day of being reported, compared with 23.6% of such flaws last year, Infosecurity Magazine reports.

Most of the targeted security bugs during the first half of 2025 were those in content management systems, followed by those in network edge devices, server software, open-source software, and operating systems, with Microsoft and Cisco being the two most targeted vendors, according to findings from VulnCheck. Chinese state-backed threat actors continued to be most active in exploiting known vulnerabilities between January and June, despite a significant decrease in KEV attributions over the same period. While a similar reduction in KEV attribution has also been observed among North Korean state-sponsored hacking operations, Russian and Iranian state-linked threat actors have ramped up exploitation activities, with both recording two times more KEV attributions during the first half of 2025.

Related

Microsoft updates .NET bug bounty program

Up to $40,000 in rewards will be given by Microsoft for critical .NET and ASP.NET Core remote code execution and privilege escalation bugs as part of its upgraded .NET bug bounty program that seeks to better reflect the challenges in discovering such vulnerabilities, BleepingComputer reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BugBuffer OverflowDisassembly

You can skip this ad in 5 seconds