Old Security Flaws Remain Open Doors for Cyber Attackers
Top-Exploited Vulnerabilities Remain Over a Decade Old
The past year has seen a compression in exploitation timelines for enterprise environments, with newly disclosed flaws entering active use nearly instantly. This trend is particularly concerning, as it highlights the ongoing persistence of older vulnerabilities in various systems.
Nearly 40% of Top-Targeted Vulnerabilities Affect End-of-Life Devices
According to recent research, nearly 40% of the top-targeted vulnerabilities affect end-of-life devices, while 32% have been active for over a decade.
Attackers have taken advantage of these aged vulnerabilities, combining them with rapid weaponization and long-term exposure to achieve successful breaches.
Examples of Exploited Vulnerabilities
For instance, React2Shell, a recently disclosed vulnerability, became the most targeted in 2025, despite being released in December. Similarly, Log4Shell CVEs remained among the top 10 most targeted vulnerabilities, as the underlying issue continues to be embedded in enterprise applications and legacy systems.
Challenges in Updating Components
Researchers warn that components like PHPUnit, ColdFusion, and Log4j often become deeply integrated within applications, making updates challenging and resource-intensive.
This highlights the importance of acknowledging and addressing the long-term exposure of vulnerabilities in existing systems.
Network Infrastructure Vulnerabilities
Analysis reveals that attackers continue to focus on scalable weaknesses, with about 25% of vulnerabilities impacting widely used frameworks and libraries, and 23% affecting network devices such as VPN appliances and firewalls.
Ransomware Operations
Remote code execution accounted for 80% of the top 100 vulnerabilities, reflecting a clear preference for flaws that enable direct access without relying on user interaction.
Identity and Consistency in Ransomware Operations
Network infrastructure vulnerabilities make up approximately 14% of the total, but a single flaw can expose routers, switches, and controllers simultaneously.
Platform software also carries significant risks, and organizations must remain vigilant in identifying and mitigating these vulnerabilities.
Phishing Remains a Primary Access Vector
In addition to exploiting vulnerabilities, attackers have also targeted identity and consistency in ransomware operations.
Common techniques include using valid accounts at multiple stages of the attack lifecycle, supported by tools requiring user credentials.
Industry Targeting Varies by Attack Type
Attacks against multifactor authentication (MFA) have also increased, with 30% of MFA spray attacks targeting identity and access management applications in 2025.
Sectors with Consistent Identity Practices
Industry targeting varies by attack type, with higher education ranking first for device compromise attacks due to diverse and unmanaged device environments.
Spray Attacks Concentrate in Sectors
Spray attacks, on the other hand, concentrate in sectors with consistent identity practices.
Travel-Related Phishing Lures
Phishing remains a primary access vector, with 40% of incident response cases involving phishing tactics.
Attackers reuse phishing after initial access, with 35% of phishing cases involving internal activity from compromised accounts.
Internal Activity from Compromised Accounts
Internal activity originating from trusted accounts increased the likelihood of user interaction, with 75
About Author
English