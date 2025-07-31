Most of the targeted security bugs during the first half of 2025 were those in content management systems, followed by those in network edge devices, server software, open-source software, and operating systems, with Microsoft and Cisco being the two most targeted vendors, according to findings from VulnCheck. Chinese state-backed threat actors continued to be most active in exploiting known vulnerabilities between January and June, despite a significant decrease in KEV attributions over the same period. While a similar reduction in KEV attribution has also been observed among North Korean state-sponsored hacking operations, Russian and Iranian state-linked threat actors have ramped up exploitation activities, with both recording two times more KEV attributions during the first half of 2025.
Accelerated vulnerability exploitation examined
Nearly one-third of security vulnerabilities this year have been exploited prior to detection or within a day of being reported, compared with 23.6% of such flaws last year, Infosecurity Magazine reports.
