Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.
Content management systems accounted for most of the abused security flaws between January and March, followed by network edge devices and operating systems, while Microsoft Windows, Broadcom VMware, Cyber PowerPanel, Litespeed Technologies, and TOTOLINK routers were the most targeted products during the same period, a report from VulnCheck showed. Additional findings showed that 25.8% of all actively exploited vulnerabilities during the first quarter are yet to be evaluated or completely examined by the National Institute of Standards and Technology's National Vulnerability Database. Such findings follow a Verizon report detailing that vulnerabilities continued to be the most prevalent initial access vector among threat actors for the fifth year running.
Content management systems accounted for most of the abused security flaws between January and March, followed by network edge devices and operating systems, while Microsoft Windows, Broadcom VMware, Cyber PowerPanel, Litespeed Technologies, and TOTOLINK routers were the most targeted products during the same period, a report from VulnCheck showed. Additional findings showed that 25.8% of all actively exploited vulnerabilities during the first quarter are yet to be evaluated or completely examined by the National Institute of Standards and Technology's National Vulnerability Database. Such findings follow a Verizon report detailing that vulnerabilities continued to be the most prevalent initial access vector among threat actors for the fifth year running.
