Vulnerability exploits now dominate intrusions • The Register

https://www.theregister.com/2026/01/29/faster_patching_please_cry_infoseccers/

Publish Date: 2026-01-29 08:53:00

What good is a fix if you don’t use it? Experts are urging security teams to patch promptly as vulnerability exploits now account for the majority of intrusions, according to the latest figures.

Cisco Talos said exploited flaws were behind nearly 40 percent of all intrusions in Q4 2025, and the speed at which attackers were harnessing those weaknesses should serve as a wake-up call for defenders.

This marks the second quarter in a row that exploits led the charge for initial access, but represented a drop from Q3’s rate of 62 percent, which was driven largely by widespread ToolShell attacks.

More recently, the team pointed to the Oracle EBS and React2Shell vulnerabilities as examples of two high-profile vectors that continued to fuel the trend, both of which were taken up by attackers within hours of disclosure.

Talos stated in its report: “In both cases, exploitation activity occurred around the time the vulnerability became public, demonstrating actors’ speed in capitalizing on these opportunities as well as the inherent risks of internet-facing enterprise applications and default deployments embedded in widely used frameworks.”

The Register reported at the time that a functional proof-of-concept exploit for React2Shell began circulating online within 30 hours of disclosure, for example.

Likewise, AWS said Chinese state-backed attackers were exploiting the maximum-severity bug “within hours or days of disclosure.”

Whether organizations heed this warning is another matter, however. Patching systems, especially in large organizations, can be a painful process, but according to a BitSight analysis in 2024, private sector admins are taking months, not hours, to patch the most serious flaws.

Unsurprisingly, phishing was also among the most common ways in which attackers gained access to a victim’s network, coming in…

Source