The GreyNoise 2025 Mass Internet Exploitation Report provides security leaders, SOC analysts, vulnerability managers, and threat intelligence teams with actionable insights. Attackers are industrializing reconnaissance and exploitation. Security teams must adapt. This report provides the intelligence needed to prioritize, respond, and defend against the next wave of mass exploitation.

This is the first published study in this field to include SPoF (Single Point of Failure) data, which highlights the dependencies a company has on third-party systems and services. This paper represents a snapshot of our ongoing work exploring what is a deep and highly complex dataset.

At Gallagher Re, we have been exploring this data’s vast potential for several years. This research has informed the development of a suite of proprietary tools and services aimed at supporting the (re)insurance community in realising the potential of cyber data to enhance underwriting and portfolio monitoring. Principal among these is TIDE, our portfolio quality and benchmarking tool.

This 10-year anniversary edition of the report dissects the 2022 Microsoft vulnerabilities data and highlights some of the key shifts since the inaugural report. This report will spotlight some of the most significant CVEs of 2022, break down how they are leveraged by attackers, and explain how they can be prevented or mitigated. The way Microsoft classifies the severity rating for a vulnerability is distinct from the likelihood of exploitation.

The report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an undeniable business case for the importance of removing admin rights to reduce risk. In this report, we will examine how these vulnerability trends, along with cloud security adoption, collectively influence how we should think about cybersecurity and risk management in 2022 and beyond.

In its 8th year, the Microsoft Vulnerabilities Report has proven to be a valuable asset for many organizations who wish to gain a holistic understanding of the evolving threat landscape. The report provides a 12-month, consolidated view and analysis of Microsoft Patch Tuesdays, as well as exclusive insights from some of the world’s top cybersecurity experts. This analysis not only reveals evolving vulnerability trends, but also identifies the Critical vulnerabilities that could be mitigated if admin rights were removed.

The Microsoft Vulnerabilities Report has garnered over 16,000 downloads and helped thousands of users leverage its detailed data analysis and expert findings to improve their cyber defenses. This year’s edition of the report not only dissects the 2023 Microsoft vulnerabilities data, but also assesses how these vulnerabilities are being leveraged in identity-based attacks. The report also spotlights some of the most significant CVEs of 2023, breaks down how they are leveraged by attackers, and explains how they can be mitigated.

Common Vulnerabilities and Exposures (aka CVEs) in containers, at least according to the interviews conducted for this study, are a pain (in the vuln). Chainguard conducted ten interviews with software professionals at a range of companies that build or operate containers. The interview questions dealt with the processes and workflows that these professionals use to identify, triage, and remediate CVEs in containers. Many of the questions either involved a request for a time estimate of each step of the process or probed the “why” behind the process or workflow.

In this report, one clear finding from the survey was that it is important to test throughout the application lifecycle using a variety of methods. Although testing early continues to be important, having visibility into and being able to monitor and test deployed applications is still critical. Although security testing capabilities have also improved, the value of individual testing capabilities has changed in response to increased threats and changing application architectures.

This report provides insights into the current state of enterprise cyber risk and the role of AI in it. AI is revolutionizing business and has the potential to significantly improve cybersecurity outcomes. Many already have plans to use integrated AI in cyber tools, especially for inferencing, data analysis, and GenAI conversational systems.

The primary goal of OT Security Leaders it to ensure that the risk of a cyber incident impacting the Reliability, Availability and Safety of operations is minimised. This requires identification and management of vulnerabilities, and a layer of controls to prevent threat actors from accessing networks. The logical starting point is to identify and classify all assets though this is rarely a simple task.

That is the purpose of this report is to show you the hours saved, the data aggregated, and the research methodologies laid bare. you’ll find several sections covering some of the bigger mass exploitations of 2022, also known as celebrity vulnerabilities.

Several trends in the way we work and consume technology have resulted in an ever-expanding cyberattack surface for organizations of all sizes. Comprehensive digital transformation across enterprises, the rise in cloud adoption, the normalization of working from anywhere, and Internet of Things (IoT) initiatives have resulted in an explosion of new applications, along with an increased rate of iterations and updates.

This is the fifth report in the series which plots the use of vulnerability disclosure in consumer markets with the introduction of enterprise starting in 2021. For consumers, knowing that a manufacturer has the requisite systems in place to receive, and remedy, known security flaws is a welcome form of assurance. Indeed, we have said many times that the lack of an easily identifiable method for reporting security issues could be likened to a canary in the coal mine – it’s a good health indicator as to how serious they are about security.

CISA created the KEV catalog in part because of challenges that organizations have historically faced in prioritizing vulnerabilities. In any given year, there are tens of thousands of new vulnerabilities. But according to CISA, a study of historical vulnerability data dating back to 2019 shows that less than 4% of all known vulnerabilities were being used by attackers in the wild.

The 9th edition of the Edgescan Vulnerability Stats Report 2024. This report demonstrates the state of full stack security based on thousands of security assessments and penetration tests on millions of assets that were performed globally from the Edgescan Cybersecurity Platform in 2023. This is an analysis of vulnerabilities detected in the systems of hundreds of organizations across a wide range of industries – from the Fortune 500 to medium and small businesses. The report provides a statistical model of the most common weaknesses faced by organizations to enable data-driven decisions for managing risks and exposures more effectively.

In our third State of the Cybersecurity Attack Surface report, we continue to see enterprises struggle with many of the same issues they’ve been grappling with—they are blind to IT assets missing endpoint protection, patch management, and, as we now include in this report, vulnerability management. “Stale” IT assets continue to proliferate across corporate networks. Organizations are unnecessarily paying for unused licenses while facing budget cuts and economic challenges.

The third annual Future of Application Security survey reveals how key stakeholders are responding to this challenge. We surveyed 1504 developers, CISOs, and AppSec managers from a broad range of industries across the US, Europe, and Asia-Pacific regions. The responsibility has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.

In this year’s report, 500 U.S.-based ITOps professionals express how automation increases their IT agility –reducing costs and enhancing endpoint management capabilities. The report also reveals that less than half (44%) of organizations have high ITOps agility, with the most agile showing mature uses of AI and workflow automation tools.

In this report, Coalition Security Labs’ dedicated security research team dives into data derived from Coalition’s extensive threat collection technologies and provides critical information to help security professionals, brokers, and businesses navigate the current cyber risk landscape. Readers will gain insights into how to prioritize vulnerabilities, understand which technologies threat actors are targeting, and compare cyber hygiene across industries.