Verizon DBIR: Vulnerability Exploits Overtake Credentials

Staff Editor 2026-05-20
Verizon DBIR: Vulnerability Exploits Overtake Credentials

Verizon DBIR: Vulnerability Exploits Overtake Credentials

https://www.infosecurity-magazine.com/news/verizon-dbir-exploits-top-access/

Publish Date: 2026-05-20 04:40:00

Source Domain: www.infosecurity-magazine.com

Vulnerability exploitation has overtaken compromised credentials for the first time in nearly two decades as the most common initial access vector for data breaches, according to Verizon.

The tech giant’s Data Breach investigations Report (DBIR) has been providing threat landscape insight to industry professionals for 19 years, based as it is on a variety of Verizon, incident response, law enforcement and industry data on real breaches and incidents.

The latest edition revealed that nearly a third (31%) of data breaches over the past year started with vulnerability exploitation. This is up from 20% in last year’s report.

That made it the top initial access vector, with credential abuse down from 22% to 13%.

Read more on the DBIR: Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

Verizon suggested the figures could indicate that AI is already being used by threat actors to find and exploit more vulnerabilities.

However, it’s not just zero-days that are at issue. The report revealed that firms aren’t patching known bugs quickly enough.

Only 26% of critical vulnerabilities listed in the Cybersecurity Infrastructure and Security Agency Known Exploited Vulnerabilities (CISA KEV) catalog were fully remediated by organizations in 2025, a drop from 38% the previous year.

That could be due to the increased patch load. Organizations had 50% more critical vulnerabilities to patch in this year’s reporting dataset versus 2025, Verizon said.

Jon Baker, VP of threat-informed defense at AttackIQ, said organizations are struggling to prioritize patches.

“Security teams are being asked to fix more critical issues, but they still need to know which ones actually create a path to compromise,” he argued. “A vulnerability on paper is one thing, but a vulnerability that can be chained into lateral movement, ransomware deployment, or data theft is something else entirely.”

Patrick Münch, CSO at vulnerability management services firm…

Source

More Stories

Three highlights in latest DHS spending bill

Three highlights in latest DHS spending bill

Staff Editor 2026-06-05
Mountain Rides resolves cybersecurity threat | Transportation

Mountain Rides resolves cybersecurity threat | Transportation

Staff Editor 2026-06-05
NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

NICC offers new computing and cybersecurity program for high school students | 97 Seven Country WGLR – The Tri-States Best Variety of Country

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy