According to the Qualys 2024 Midyear Threat Landscape Review:
The number of reported Common Vulnerabilities and Exposures (CVEs) rose by 30% in the last year to 22,254. These numbers reflect rising software complexity and the broader use of technology, necessitating advanced and dynamic vulnerability management strategies to mitigate evolving cybersecurity threats.
Older CVE vulnerabilities are the main focus for bad actors with a 10% increase in the weaponisation of known CVEs. This is a stark reminder that cybersecurity is not just about staying ahead but also about not falling behind.
1% of CVE vulnerabilities identified this year have been weaponised. While this is a very small fraction, it accounts for the most severe threats that are being actively exploited through ransomware, threat actors, malware or confirmed wild exploitation instances.
There has been an increased focus on exploiting public-facing applications for initial access and using remote services for lateral movement within networks.