February 3, 2025
2024 marked a record-breaking year for cybersecurity challenges as threat actors ramped up their exploitation of vulnerabilities.
According to the latest findings from VulnCheck, 768 Common Vulnerabilities and Exposures (CVEs) were publicly reported as exploited in the wild for the first time this year.
This figure represents a 20% increase compared to 639 CVEs reported in 2023, highlighting the evolving threat landscape.
VulnCheck’s analysis shows that in 2024, 1% of all published CVEs were reported to have been exploited in the wild. While this ratio aligns with historical trends, the raw number of newly exploited vulnerabilities continues to rise, indicating the increasing sophistication and activity of malicious actors.
Furthermore, spikes in exploitation reporting frequently coincided with major industry events, including the RSA Conference, or were influenced by disclosures from newly onboarded sources like ShadowServer.
April and May witnessed heightened activity, likely fueled by high-profile disclosures during RSA and end-of-quarter reporting.
ShadowServer’s integration into reporting processes in January also led to increased public awareness of exploitation, while product-specific reports from companies like F5 and Fortinet, combined with government agency findings from the U.S. Department of Defense (DOD) and the Cybersecurity and Infrastructure Security Agency (CISA), further contributed to this surge.
