{"id":251411,"date":"2026-05-19T17:21:00","date_gmt":"2026-05-19T21:21:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/attackers-hit-vulnerabilities-hard-last-year-making-exploits-the-top-entry-point-for-breaches\/"},"modified":"2026-05-21T10:20:28","modified_gmt":"2026-05-21T14:20:28","slug":"attackers-hit-vulnerabilities-hard-last-year-making-exploits-the-top-entry-point-for-breaches","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/attackers-hit-vulnerabilities-hard-last-year-making-exploits-the-top-entry-point-for-breaches\/","title":{"rendered":"Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/verizon-data-breach-investigations-report-2026\/\">Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/verizon-data-breach-investigations-report-2026\/\">https:\/\/cyberscoop.com\/verizon-data-breach-investigations-report-2026\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-19 17:21:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Attackers couldn\u2019t get enough of the vulnerabilities at their disposal last year, making exploits the top initial access vector across more than 22,000 breaches Verizon analyzed in its latest Data Breach Investigations Report released Tuesday.<\/p>\n<p>The massive annual study uncovered a surge of exploited vulnerabilities during a one-year period ending in October 2025. Exploited defects accounted for 31% of all known initial access vectors, jumping from 20% the previous year.\u00a0<\/p>\n<p>The uptick in exploited vulnerabilities is a reflection of the \u201csisyphean cause\u201d of vulnerability management, researchers wrote in the report. \u201cPut quite simply, there are often too many vulnerabilities and not enough time for patching all of them.\u201d<\/p>\n<p>Organizations are struggling to keep up with the torrent of vulnerabilities affecting technology across their systems. This slide is especially worrisome, and declining, among defects in the Cybersecurity and Infrastructure Security Agency\u2019s known exploited vulnerabilities catalog.<\/p>\n<p>Only 26% of the critical vulnerabilities in CISA\u2019s catalog were fully remediated by more than 13,000 organizations Verizon studied in 2025, marking a drop from 38% the year prior.\u00a0<\/p>\n<p>\u201cThere is also a worse result for the median time elapsed for a vulnerability to be fully patched by detection,\u201d researchers wrote in the report. \u201cOur new median time is 43 days, almost two weeks longer than last year\u2019s 32 days.\u201d<\/p>\n<p>Verizon also noted that the median number of KEV vulnerabilities that organizations had to patch jumped from 11 in 2024 to 16 in 2025.<\/p>\n<p>CISA\u2019s KEV catalog contained more than 1,500 CVEs as of February, and 65% of those were exploited during the previous year, according to the report.<\/p>\n<p>Verizon identified the five most common weaknesses of CISA KEV CVEs in its report as out-of-bounds read, heap-based buffer overflow, use after free, external control of file name or path and access of resource using incompatible&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/verizon-data-breach-investigations-report-2026\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches https:\/\/cyberscoop.com\/verizon-data-breach-investigations-report-2026\/&#8230;<\/p>\n","protected":false},"author":1,"featured_media":251413,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/05\/GettyImages-2219083738.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,27],"class_list":["post-251411","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251411"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=251411"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251411\/revisions"}],"predecessor-version":[{"id":251414,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251411\/revisions\/251414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/251413"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=251411"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=251411"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=251411"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}