Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise


Verizon’s 2025 Data Breach Investigations Report reveals that exploited vulnerabilities now surpass credential abuse as the top entry point in cyberattacks, accounting for 31% of 31,000 analyzed incidents across 145 countries. Only 26% of Critical CISA Known Exploited Vulnerabilities (KEVs) were fully patched in 2025, with median patch times rising to 43 days, as organizations struggle to keep pace with a 50% year-on-year increase in critical-severity flaws.

Verizon’s latest Data Breach Investigations Report (DBIR) highlights a critical shift in cyberattack tactics, with exploited vulnerabilities becoming the leading cause of breaches, surpassing credential abuse. Analyzing 31,000 incidents (including 22,000 confirmed data breaches) across 145 countries, researchers found that 31% of breaches stemmed from unpatched flaws, compared to 13% linked to stolen credentials. The report underscores patching failures, as only 26% of CISA Known Exploited Vulnerabilities (KEVs) were fully remediated in 2025, down from 38% the prior year, with median patch times extending to 43 days from 32 days.

The surge in vulnerability exploitation reflects attackers prioritizing unpatched systems, which require no prior access or phishing. Experts like Daniel Bechenea of Pentest-Tools.com note that exploits now dominate breaches due to slow patching, while Chris Wysopal of Veracode warns that organizations remain unable to fix flaws quickly enough. Meanwhile, the volume of critical-severity vulnerabilities grew by 50% year-on-year, exacerbating the challenge.

While exploitation leads initial breach access, credentials remain critical later in attacks, according to James John of Bridewell, who observes that stolen credentials are often used for lateral movement. Phishing accounted for 16% of initial access, unchanged from the prior year, while pretexting rose to 6%, increasingly tied to ransomware and extortion campaigns. Verizon’s data also shows third-party breaches now represent 48% of all incidents, reflecting growing supply chain risks.

The report’s findings align with broader industry trends, where AI-assisted attacks and accelerated exploit windows further strain patch management. Experts emphasize the need for faster remediation, as delays leave enterprises vulnerable to increasingly automated and scalable attacks. The shift highlights the evolving threat landscape, where unpatched systems offer attackers a low-effort, high-reward entry point.

This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.
