Report reveals 10% increase in the exploitation of old CVEs

Laptop with dark screen and green symbols

Image via Unsplash

Qualys has released its 2024 Midyear Threat Landscape Review, emphasizing the evolution and escalation of cyber threats. The report found that the exploitation of old common vulnerabilities and exposures (CVEs) rose by 10% from 2023 to 2024. Additionally, the volume of reported CVEs rose by approximately 30%, representing an increase from 17,114 in 2023 to 22,254 in 2024. Out of these vulnerabilities, .91% (204 vulnerabilities) have been exploited. Although only a few were exploited, the report asserts that these incidents present a threat and require proper security measures.

The report suggests that the increased exploitation of CVEs is a concerning trend that organizations and cybersecurity leaders must be aware of. The report then goes on to list the 10 most exploited vulnerabilities. The three most exploited vulnerabilities in this list include CVE-2024-21887 (a command injection vulnerability in Ivanti Connect and Policy Secure Web), CVE-2023-46805 (a remote authentication bypass vulnerability in Ivanti Connect and Policy Secure Web), and CVE-2024-21412 (a security feature bypass vulnerability in Microsoft Windows).

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.