{"id":4228,"date":"2026-01-23T13:38:28","date_gmt":"2026-01-23T13:38:28","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/01\/23\/zero-day-exploits-surge-nearly-30-of-flaws-attacked-before-disclosure\/"},"modified":"2026-01-23T13:38:28","modified_gmt":"2026-01-23T13:38:28","slug":"zero-day-exploits-surge-nearly-30-of-flaws-attacked-before-disclosure","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/01\/23\/zero-day-exploits-surge-nearly-30-of-flaws-attacked-before-disclosure\/","title":{"rendered":"Zero-Day Exploits Surge, Nearly 30% of Flaws Attacked Before Disclosure"},"content":{"rendered":"<div id=\"cphContent_pnlMainContent\">\n<h2>Written by<\/h2>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/a7d280e2-8cd7-47a1-ba33-0ae2a304849f.png?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Kevin  Poireault\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-90df7bd3-3495-43d0-8bf8-f3e6bf622809\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Cyber attackers continue to speed up vulnerability exploitation and last year 28.96% of known exploited vulnerabilities (KEVs) identified by VulnCheck were exploited before being publicly disclosed, or on the day they were reported.<\/p>\n<p>This from cybersecurity firm VulnCheck\u2019s <em>State of Exploitation 2026<\/em> report, published on January 21, which shows zero-day and one-day exploitation is accelerating, up from 23.6% in 2024.<\/p>\n<p>While the report considers the discoverability of a vulnerability as the day its common vulnerabilities and exposures (CVE) identifier is published,\u00a0Patrick Garrity, vulnerability researcher at VulnCheck, told <em>Infosecurity<\/em> that the reality is more complex.\u00a0<\/p>\n<p>&#8220;Some\u00a0were disclosed in public advisories first, then became exploited\u00a0and a CVE\u00a0was published after the facts,&#8221; he explained.\u00a0<\/p>\n<p>This means that\u00a0not all KEVs being exploited before or on the same day of CVE issuance are zero day vulnerabilities. Nevertheless, this rise from 24% to almost 30% shows that cyber threat actors continue to step up the pace by which they exploit\u00a0unpatched vulnerabilities.<\/p>\n<\/p><\/div>\n<figure id=\"layout-f45e07fb-73e6-42e2-8b0f-f2804e4ac430\" data-layout-id=\"4\" data-edit-folder-name=\"image\" data-index=\"1\"><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/localimages\/30ff736c-2f40-4e10-b9a1-8edb7bdd8825.png\" alt=\"Source: VulnCheck, State of Exploitation 2026\"><figcaption>Source: VulnCheck, State of Exploitation 2026<\/figcaption><\/figure>\n<div id=\"layout-79e94462-f4a8-44a3-a225-210dc8c95262\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"2\">\n<p>In 2025, VulnCheck identified 884 vulnerabilities for which evidence of exploitation was observed for the first time, a 15% increase over the previous year\u2019s total.<\/p>\n<p>Exploitation activity spanned hundreds of vendors and products. Network edge devices, including firewalls, VPNs and proxies, were the most frequently targeted technologies with 191 KEVS identified by VulnCheck in 2025. This was followed by content management systems (CMS) with 163 KEVs and open source software with 129 KEVs.<\/p>\n<h2><strong>Time-to-Exploitation Patterns Remain Consistent <\/strong><\/h2>\n<p>The report showed that time-to-exploitation patterns in 2025 remained highly consistent with 2024, indicating stable and sustained attacker behavior.<\/p>\n<p>Operating systems (OS) were most affected by zero-day and one-day vulnerability exploits. Of the KEVs impacting OS identified by VulnCheck in 2025, almost half were exploited before or just after the vulnerabilities were publicly disclosed.<\/p>\n<p>The technologies most targeted by old vulnerabilities, those disclosed more than four years before they were exploited, included developer tools, network devices and hardware.<\/p>\n<p>Finally, the VulnCheck report showed that ransomware attribution continued to lag behind initial exploitation disclosure in 2025, suggesting that attribution for vulnerabilities exploited in 2025 will continue to grow as additional research is published.<\/p>\n<p><em>Read now: Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch<\/em><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Written by Cyber attackers continue to speed up vulnerability exploitation and last year 28.96% of known exploited vulnerabilities (KEVs) identified by VulnCheck were exploited before being publicly disclosed, or on the day they were reported. This from cybersecurity firm VulnCheck\u2019s State of Exploitation 2026 report, published on January 21, which shows zero-day and one-day exploitation<\/p>\n","protected":false},"author":2,"featured_media":4229,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4228","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4228-c0cba71c-67fb-476b-8d0b-e5d2b90725dd-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4228"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4228\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4229"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}