Widespread exploitable vulnerability exposure across organizations and services
Target Trend
Summary
87% of organizations have at least one exploitable software vulnerability in production, affecting 40% of all services. The trend is reinforced by 278-day-old median dependencies and uneven risk across stacks, especially Java, .NET, and Rust. This matters because DevSecOps teams must distinguish real exposure from noisy severity scores while also managing dependency staleness and supply-chain drift.
Related Happenings
BufferZoneCorp sleeper-package supply chain campaign
Campaign
First: 01.05.2026 12:43
Last: 01.05.2026 12:43
Sources 1
About this happening:
The **BufferZoneCorp** software supply chain campaign is pushing **malicious Ruby gems and Go modules** that can steal credentials, tamper with **GitHub Actions**, and persist on...
Npm package ecosystem CanisterWorm exploitation wave
Exploitation Wave
First: 23.03.2026 10:31
Last: 23.03.2026 10:31
Sources 1
About this happening:
Attackers expanded the **Trivy** compromise into a **self-propagating CanisterWorm** wave that hit **dozens of npm packages**, creating broad downstream supply-chain risk. The abu...
Timeline
26.02.2026 16:00 2 articles · 3mo ago
Datadog reports widespread exploitable production vulnerabilities
Initial Disclosure
Datadog's State of DevSecOps Report found that 87% of organizations have at least one exploitable software vulnerability in production, affecting 40% of all services. The same analysis says only 18% of critical dependency vulnerabilities remain critical after runtime and CVE context is applied, with 98% of .NET dependency vulnerabilities downgraded from critical; Datadog recommends pinning dependency versions to a full-length commit SHA to reduce supply-chain drift in build and deployment pipelines.
- Exploitable Vulnerabilities Present in 87% of Organizations — www.infosecurity-magazine.com — 26.02.2026 16:00