The number of actively exploited vulnerabilities surged in 2024, with 768 CVEs identified as exploited in the wild—a 20% increase from the 639 CVEs recorded in 2023. This alarming trend highlights the growing threats posed by cybercriminals targeting unpatched security flaws.
According to VulnCheck, 23.6% of known exploited vulnerabilities (KEVs) were weaponized on or before their public disclosure date. While this marks a slight decline from 2023's 26.8%, it reinforces the urgency of timely patching, as exploitation can occur at any stage in a vulnerability’s lifecycle.
Key Findings from the VulnCheck Report
- 1% of all CVEs published in 2024 were actively exploited, with the number expected to grow as delayed exploitation is uncovered.
- Chinese hacking groups remain a major threat, with 15 out of 60 tracked groups linked to the abuse of at least one of the 15 vulnerabilities most routinely exploited in 2023.
- Log4j (CVE-2021-44228) continues to be a top target, exploited by 31 named threat actors—more than any other CVE.
- 65,245 hosts remain potentially vulnerable to Log4j-related threats.
- An estimated 400,000 internet-exposed systems are at risk due to unpatched flaws in products from Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho.
How Organizations Can Reduce Exposure
Cybersecurity experts urge businesses to:
✅ Assess risk exposure to vulnerable technologies.
✅ Enhance visibility into potential security threats.
✅ Implement threat intelligence for proactive defense.
✅ Enforce strong patch management to mitigate risk.
✅ Minimize internet-facing exposure of critical assets.
As cyber threats continue to evolve, organizations must stay ahead with a proactive security strategy to defend against rising vulnerability exploitation trends in 2024 and beyond.