• Home
  • cyber
  • Verizon and CISA: Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
cyber Vulnerability

Verizon and CISA: Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches

Oct 1, 2025 2 min read
Verizon and CISA: Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches

Exploited Vulnerabilities Surge as Top Initial Access Vector in 2025 Breaches

Verizon’s latest Data Breach Investigations Report, analyzing over 22,000 breaches from October 2024 to October 2025, reveals a sharp rise in exploited vulnerabilities as the leading initial access method. Exploits accounted for 31% of breaches up from 20% the prior year highlighting the growing challenge of vulnerability management amid an overwhelming volume of unpatched flaws.

Organizations struggled to keep pace, with only 26% of critical vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog fully remediated in 2025, down from 38% in 2024. The median patching time also worsened, stretching to 43 days nearly two weeks longer than the previous year’s 32 days. Meanwhile, the median number of KEV vulnerabilities requiring patches per organization rose from 11 to 16.

As of February 2025, CISA’s KEV catalog listed over 1,500 CVEs, with 65% exploited in the past year. The most common weaknesses included out-of-bounds reads, heap-based buffer overflows, use-after-free flaws, external control of file paths, and incompatible resource access.

Financially motivated attacks dominated, comprising 88% of breaches, while state-affiliated espionage made up the remainder. Ransomware remained a persistent threat, involved in 48% of breaches (up from 44% in 2024). However, ransom payments declined, with 69% of victims refusing to pay, and the median payment dropping from $150,000 to $140,000. Researchers noted challenges in tracking ransomware due to threat actors fabricating or recycling breach claims for notoriety.

Despite data inconsistencies, ransomware’s prevalence showed no signs of slowing, reinforcing its status as a pervasive and adaptable cybersecurity threat.

Source: https://cyberscoop.com/verizon-data-breach-investigations-report-2026/

Verizon cybersecurity rating report: https://www.rankiteo.com/company/verizon

Cybersecurity and Infrastructure Security Agency cybersecurity rating report: https://www.rankiteo.com/company/cisagov

"id": "VERCIS1779231862",
"linkid": "verizon, cisagov",
"type": "Vulnerability",
"date": "10/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'attack_vector': 'Exploited Vulnerabilities',
 'date_publicly_disclosed': '2025',
 'description': 'Verizon’s latest Data Breach Investigations Report reveals a '
                'sharp rise in exploited vulnerabilities as the leading '
                'initial access method, accounting for 31% of breaches in '
                '2025. Organizations struggled with patch management, with '
                'only 26% of critical vulnerabilities remediated and median '
                'patching time worsening to 43 days. Ransomware remained a '
                'persistent threat, involved in 48% of breaches, with '
                'declining ransom payments.',
 'lessons_learned': 'Organizations need to improve vulnerability management '
                    'and patching processes to address the growing volume of '
                    'unpatched flaws. Ransomware remains a persistent threat '
                    'despite declining ransom payments.',
 'motivation': ['Financial gain', 'Espionage'],
 'post_incident_analysis': {'corrective_actions': 'Improve vulnerability '
                                                  'management, reduce patching '
                                                  'times, and strengthen '
                                                  'ransomware defenses.',
                            'root_causes': 'Growing volume of unpatched '
                                           'vulnerabilities, delayed patching '
                                           'times, and persistent ransomware '
                                           'threats.'},
 'ransomware': {'ransom_paid': '69% of victims refused to pay; median payment '
                               'dropped to $140,000'},
 'recommendations': 'Enhance vulnerability remediation processes, reduce '
                    'patching times, and implement robust ransomware defense '
                    'strategies.',
 'references': [{'date_accessed': '2025',
                 'source': 'Verizon Data Breach Investigations Report'},
                {'date_accessed': '2025',
                 'source': 'CISA Known Exploited Vulnerabilities (KEV) '
                           'Catalog'}],
 'threat_actor': ['Financially motivated attackers',
                  'State-affiliated espionage'],
 'title': 'Exploited Vulnerabilities Surge as Top Initial Access Vector in '
          '2025 Breaches',
 'type': ['Data Breach', 'Ransomware'],
 'vulnerability_exploited': ['Out-of-bounds reads',
                             'Heap-based buffer overflows',
                             'Use-after-free flaws',
                             'External control of file paths',
                             'Incompatible resource access']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.