In 2024, the number of vulnerabilities actively exploited in the wild increased by 20% year-over-year, reaching 768 CVEs compared to 639 in 2023. VulnCheck, a cybersecurity firm, reported that a significant portion of these vulnerabilities, 23.6%, were weaponized either on or before their public disclosure. While this represents a slight decrease from 2023’s 26.8%, it highlights how quickly threat actors can exploit vulnerabilities at any stage of their lifecycle. The firm also noted that, in total, 1% of all CVEs published in 2024 were later identified as being exploited, a figure expected to rise as exploitation is often discovered months or years later.
The report, which underscores the growing cybersecurity threat, identifies 15 Chinese hacking groups among the 60 threat actors who abused these vulnerabilities in 2023.
The widely publicized Log4j vulnerability, CVE-2021-44228, remained the most exploited, associated with 31 different threat actors. VulnCheck also discovered that over 65,000 hosts were vulnerable to this flaw alone. The discovery of such vulnerabilities has raised serious concerns about the security of internet-facing systems, with some 400,000 systems across multiple industries identified as being potentially exposed.
VulnCheck’s report provides a comprehensive analysis of the dangers posed by internet-accessible systems vulnerable to attacks targeting software from Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho. These vulnerabilities present a significant opportunity for cybercriminals, and the firm urged organizations to assess their exposure to these technologies. It also emphasized the importance of implementing strong patch management practices and leveraging threat intelligence to detect potential risks early.
To mitigate the growing threat, VulnCheck recommended that organizations take proactive steps such as enhancing visibility into their systems’ vulnerabilities, minimizing internet-facing exposure, and applying timely patches to reduce the risk of exploitation. The report warns that with the rising number of vulnerabilities and the speed with which attackers exploit them, businesses must remain vigilant in their cybersecurity practices to prevent breaches and maintain system integrity.