Skip to main content
HomeTopicsExploits

Exploits

Cybersecurity statistics about exploits

Showing 1-12 of 12 results

62.0% of critical vulnerabilities with known exploits had a working exploit available before scanner detection signatures shipped.

Cogent Security5/31/2026
Vulnerability ManagementSecurity Scanners

Exploits remained the most common initial infection vector for the sixth consecutive year, accounting for 32% of intrusions.

Mandiant5/27/2026
Initial Infection VectorIntrusion

Exploits were observed being weaponised in minutes.

Hive Pro7/10/2025
Vulnerabilities

Exploits spiked 433% in Microsoft Office applications. Web browsers and Office applications have emerged as prime targets. Chrome specifically led all products in known attacks.

Action15/15/2025
VulnerabilitiesMicrosft Office

Exploits spiked 657% in browsers.

Action15/15/2025
VulnerabilitiesBrowser

Exploits continue to be the most common initial infection vector (33%).

Mandiant4/24/2025
Initial infection vector

Browser exploits accounted for 9.2% of the CISA KEV exploits.

Wallarm1/1/2025
WallarmBrowser Exploits

18.9% of API-related exploits involved legacy APIs, including AJAX backends and URL parameter-based systems.

Wallarm1/1/2025
APILegacy Systems

Supply chain exploits accounted for 1.1% of the CISA KEV exploits.

Wallarm1/1/2025
WallarmSupply Chain

Kernel exploits accounted for 5.4% of the CISA KEV exploits.

Wallarm1/1/2025
WallarmKernel Exploits

Mobile exploits accounted for 5.9% of the CISA KEV exploits.

Wallarm1/1/2025
WallarmMobile Exploits

Over 50% of exploits in CISA’s Known Exploited Vulnerabilities (KEV) report were API-related in 2024, up from 20% in 2023.

Wallarm1/1/2025
APIVulnerability