Increase in Exploited Vulnerabilities in 2024

February 4, 2025

cybersecurity wall of monitors

Introduction

In 2024 [1] [2] [3] [4] [5] [6] [7] [8], the cybersecurity landscape witnessed a notable increase in the exploitation of vulnerabilities, as evidenced by the rise in reported Common Vulnerabilities and Exposures (CVEs) being actively exploited. This trend underscores the growing challenges faced by businesses and cybersecurity professionals in safeguarding digital assets.

Description

In 2024 [1] [2] [3] [4] [5] [6] [7] [8], a total of 768 vulnerabilities with designated Common Vulnerabilities and Exposures (CVE) identifiers were publicly reported as exploited in the wild for the first time, marking a 20% increase from the 639 CVEs recorded in 2023 [2] [3] [4]. This increase highlights a growing trend in the exploitation of security flaws [8], prompting alerts for businesses and cybersecurity specialists [8]. The figure represents only 1% of all published CVEs, consistent with historical trends [2] [3], yet it underscores a rising number of newly exploited vulnerabilities [2]. Notably, approximately 23.6% of these known exploited vulnerabilities (KEV) were weaponized on or before their discovery [1] [4] [5], a decrease from 26.8% in 2023 [1] [6] [7]. Furthermore, half of the CVEs were reported as exploited within 192 days of public disclosure [6] [7], while 75% were exploited within 1004 days [6] [7]. The data reflects the increasing sophistication and activity of threat actors in the cybersecurity landscape [2], and it is anticipated that the number of reported exploits will continue to rise, as exploitation is often discovered long after a CVE is published [1] [3].

Conclusion

The increase in exploited vulnerabilities in 2024 highlights the urgent need for enhanced cybersecurity measures and proactive threat management. Organizations must prioritize timely patching and vulnerability assessments to mitigate potential risks. As threat actors continue to evolve, it is crucial for cybersecurity strategies to adapt accordingly, ensuring robust defenses against future exploits. The ongoing vigilance and collaboration among cybersecurity professionals will be essential in addressing these challenges and protecting critical infrastructure.

References

[1] https://www.coreinsightsintl.com/post/768-cves-exploited-in-2024-reflecting-a-20-increase-from-639-in-2023
[2] https://cybersecuritynews.com/768-vulnerabilities-exploited/
[3] https://vulncheck.com/blog/2024-exploitation-trends
[4] https://cyber.vumetric.com/security-news/2025/02/03/768-cves-exploited-in-2024-reflecting-a-20-increase-from-639-in-2023/
[5] https://ciso2ciso.com/768-cves-exploited-in-2024-reflecting-a-20-increase-from-639-in-2023-sourcethehackernews-com/
[6] https://www.infosecurity-magazine.com/news/cves-exploited-wild-2024/
[7] https://osintcorp.net/768-cves-exploited-in-the-wild-in-2024/
[8] https://www.it-connect.fr/768-cve-exploitees-pour-la-premiere-fois-en-2024-soit-une-augmentation-de-20-en-comparaison-de-2023/