Application security

Zero-days account for most exploited bugs last year

Threat actors actively exploited 138 software vulnerabilities last year, 70.3% of which were zero-days, while the number of vendors affected by the abused bugs rose from 44 in 2022 to a record 56 in 2023, reports BleepingComputer.

Moreover, the ratio of n-days (flaws exploited only after a patch was available) to zero-days shifted from roughly 4:6 in 2020 through 2022 to 3:7 last year, a change Google Cloud Mandiant attributes both to escalated zero-day abuse and to improved zero-day detection. The analysis also found that the average time to exploit (TTE), the interval between a vulnerability's disclosure and its first known exploitation in the wild, fell to just five days in 2023, down from 32 days in 2021-2022 and 63 days in 2018-2019. However, TTE showed no consistent correlation with the public release of exploit code, as the contrasting timelines of the Fortinet FortiOS bug, tracked as CVE-2023-27997, and the WooCommerce Payments plugin flaw, tracked as CVE-2023-28121, demonstrated. According to the researchers, these findings further emphasize the importance of real-time vulnerability detection, network segmentation, and patch prioritization.
