The usage of vulnerability exploitation as an preliminary entry vector resulting in cyber incidents grew threefold over the previous two years, in accordance with Verizon’s annual Information Breach Investigations Report (DBIR).
After a staggering 180% rise in profitable vulnerability exploits in Verizon’s 2024 DRIB report findings, the most recent report, printed on April 23, 2025, confirmed one other 34% rise.
This preliminary entry methodology now represents 20% of the general knowledge breaches noticed by Verizon, simply two share factors under the highest vector, credential abuse. Phishing got here third, now representing 16% of knowledge breaches.
File Variety of Information Breaches in Verizon’s DBIR Historical past
In its 18th DBIR, Verizon analyzed 22,052 cyber incidents, amongst which it noticed 12,195 knowledge breaches, between Nov 1, 2023, and Oct 31, 2024. The corporate describes an information breach as a cyber incident that led to the confirmed compromise of knowledge, throughout 139 nations.
“The variety of confirmed knowledge breaches we’ve discovered this 12 months is greater than in any of our earlier studies,” stated Alistair Neil, the Managing Director for Superior Options Worldwide at Verizon Enterprise, throughout a launch occasion for the report in London.
Over half of those breaches (53%) took the type of system intrusion – a big improve from the 36% within the 2022/23 reporting interval – whereas 17% concerned social engineering and 12% originated from primary internet utility assaults. Lastly, 6% have been attributable to privilege misuse.
Vulnerability Exploits Now a High Concern
Going by means of a few of the highlights of the most recent report, Neil famous that the rise in vulnerability exploits was in line with the noticed improve in vulnerability reporting.
“For those who have a look at the US Nationwide Institute of Requirements and Expertise (NIST), it registered 28,000 frequent vulnerabilities and exposures (CVEs) in 2023 and 40,000 in 2024 – so there’s a correlation,” he stated.
Two tendencies massively contributed to the rise in vulnerability exploitation, in accordance with Neil. First, the elevated focusing on of edge units and digital non-public networks (VPNs), notably by zero-day vulnerability exploits, and second, the explosion of breaches involving third-party compromises.
Zero-Day Exploits Goal Edge Units and VPN Companies
The exploitation of edge units and VPNs surged practically eightfold, from 3% to 22%, highlighting a rising risk. Whereas organizations made vital efforts to patch vulnerabilities, Verizon’s evaluation revealed that solely 54% have been totally remediated inside a median timeframe of 32 days. Neil added that this leaves sufficient of a spot for attackers to take advantage of.
Scott Caveza, a Senior Workers Analysis Engineer at Tenable, contributed vulnerability knowledge to the report and labored with Verizon to offer contextual knowledge on probably the most prolific vulnerabilities of the final 12 months.
Based mostly on his expertise, the remediation hole may very well be a lot greater.
“We evaluated the 17 edge gadget vulnerabilities featured within the report, every of which impacts precious targets for attackers and is usually the entry level for a breach,” he stated. “Whereas 54% of organizations have achieved full remediation of those 17 CVEs, our knowledge revealed the common time to patch was a staggering 209 days. This hole is extremely regarding, contemplating that attackers’ common time-to-exploitation is 5 days.”
Caveza believes the vulnerability conundrum means cyber defenders have “a unending ‘to-do listing’.”
“Typically, probably the most crucial vulnerabilities must be on the prime of the listing, particularly for edge units that function a metaphorical door into your surroundings,” he defined.
“Nonetheless, the context round vulnerabilities – the place a given vulnerability exists in your surroundings, what knowledge or programs are probably in danger, ease of exploitation, the existence of a proof-of-concept and a lot extra – drives knowledgeable prioritization and remediation. The largest, baddest vulnerability may very well be a non-issue in some circumstances, relying on context,” he added.
Explosion of Third-Social gathering Breaches
Moreover, Verizon’s 2025 DBIR confirmed that the proportion of breaches involving third events doubled, growing from 15% in final 12 months’s findings to 30% within the 2025 report.
These third-party assaults have been notably utilized by attackers trying to conduct system intrusion, with 81% of third-party breaches involving the compromise of the sufferer’s programs.
“Some notable incidents this 12 months involving credential reuse in a third-party surroundings—through which our analysis discovered the median time to remediate leaked secrets and techniques found in a GitHub repository was 94 days,” Neil highlighted.
“This sample implies that figuring out how efficient third-party, fourth-party and even fifth-party safety controls are has develop into a serious concern for our clients,” he added.
