{"id":250409,"date":"2026-05-20T04:40:00","date_gmt":"2026-05-20T08:40:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/verizon-dbir-vulnerability-exploits-overtake-credentials\/"},"modified":"2026-05-20T10:20:09","modified_gmt":"2026-05-20T14:20:09","slug":"verizon-dbir-vulnerability-exploits-overtake-credentials","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/verizon-dbir-vulnerability-exploits-overtake-credentials\/","title":{"rendered":"Verizon DBIR: Vulnerability Exploits Overtake Credentials"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/verizon-dbir-exploits-top-access\/\">Verizon DBIR: Vulnerability Exploits Overtake Credentials<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/verizon-dbir-exploits-top-access\/\">https:\/\/www.infosecurity-magazine.com\/news\/verizon-dbir-exploits-top-access\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-20 04:40:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Vulnerability exploitation has overtaken compromised credentials for the first time in nearly two decades as the most common initial access vector for data breaches, according to Verizon.<\/p>\n<p>The tech giant\u2019s Data Breach investigations Report (DBIR) has been providing threat landscape insight to industry professionals for 19 years, based as it is on a variety of Verizon, incident response, law enforcement and industry data on real breaches and incidents.<\/p>\n<p>The latest edition revealed that nearly a third (31%) of data breaches over the past year started with vulnerability exploitation. This is up from 20% in last year\u2019s report.<\/p>\n<p>That made it the top initial access vector, with credential abuse down from 22% to 13%.<\/p>\n<p>Read more on the DBIR: Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks<\/p>\n<p>Verizon suggested the figures could indicate that AI is already being used by threat actors to find and exploit more vulnerabilities.<\/p>\n<p>However, it\u2019s not just zero-days that are at issue. The report revealed that firms aren\u2019t patching known bugs quickly enough.<\/p>\n<p>Only 26% of critical vulnerabilities listed in the Cybersecurity Infrastructure and Security Agency Known Exploited Vulnerabilities (CISA KEV) catalog were fully remediated by organizations in 2025, a drop from 38% the previous year.<\/p>\n<p>That could be due to the increased patch load. Organizations had 50% more critical vulnerabilities to patch in this year\u2019s reporting dataset versus 2025, Verizon said.<\/p>\n<p>Jon Baker, VP of threat-informed defense at AttackIQ, said organizations are struggling to prioritize patches.<\/p>\n<p>\u201cSecurity teams are being asked to fix more critical issues, but they still need to know which ones actually create a path to compromise,\u201d he argued. \u201cA vulnerability on paper is one thing, but a vulnerability that can be chained into lateral movement, ransomware deployment, or data theft is something else entirely.\u201d<\/p>\n<p>Patrick M\u00fcnch, CSO at vulnerability management services firm&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/verizon-dbir-exploits-top-access\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Verizon DBIR: Vulnerability Exploits Overtake Credentials https:\/\/www.infosecurity-magazine.com\/news\/verizon-dbir-exploits-top-access\/ Publish Date: 2026-05-20 04:40:00 Source Domain: www.infosecurity-magazine.com Vulnerability&#8230;<\/p>\n","protected":false},"author":1,"featured_media":250410,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/966f791d-9a81-4ee7-b6e4-90d59e59731d.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31,27],"class_list":["post-250409","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250409"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=250409"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250409\/revisions"}],"predecessor-version":[{"id":250411,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250409\/revisions\/250411"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/250410"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=250409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=250409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=250409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}