Qualys has released its 2024 Midyear Threat Landscape Review, emphasizing the evolution and escalation of cyber threats. The report found that the exploitation of old common vulnerabilities and exposures (CVEs) rose by 10% from 2023 to 2024. Additionally, the volume of reported CVEs rose by approximately 30%, representing an increase from 17,114 in 2023 to 22,254 in 2024. Out of these vulnerabilities, .91% (204 vulnerabilities) have been exploited. Although only a few were exploited, the report asserts that these incidents present a threat and require proper security measures.
The report suggests that the increased exploitation of CVEs is a concerning trend that organizations and cybersecurity leaders must be aware of. The report then goes on to list the 10 most exploited vulnerabilities. The three most exploited vulnerabilities in this list include CVE-2024-21887 (a command injection vulnerability in Ivanti Connect and Policy Secure Web), CVE-2023-46805 (a remote authentication bypass vulnerability in Ivanti Connect and Policy Secure Web), and CVE-2024-21412 (a security feature bypass vulnerability in Microsoft Windows).