Verizon 2026 DBIR shows vulnerability exploitation as the top breach access trend in 2025
Target Trend
Summary
Vulnerability exploitation became the leading breach access vector in 2025, increasing compromise risk across 31,000 incidents and 22,000+ confirmed breaches. Unpatched vulnerabilities drove 31% of breaches, while credential abuse fell to 13%, showing a shift away from last year’s top entry point. The finding matters because defenders now have only hours rather than months to respond, yet median full patching still took 43 days.
Related Happenings
Healthcare breach trend shifts toward AI-assisted social engineering in 2025
Target Trend
First: 22.05.2026 16:17
Last: 22.05.2026 16:17
Sources 1
About this happening:
**Healthcare organizations** faced a sharp rise in **social engineering** and **pretexting** in **2025**, making identity abuse a dominant breach pattern. **Verizon Business’ 2026...
Vulnerability exploitation overtakes credentials as top breach entry path
Target Trend
First: 20.05.2026 11:40
Last: 20.05.2026 11:40
Sources 1
About this happening:
**Vulnerability exploitation** became the top initial access vector for **data breaches** over the past year, displacing **compromised credentials** and signaling a major shift in...
CISA KEV remediation lag is widening as exploit timelines shrink
Target Trend
First: 10.04.2026 17:01
Last: 10.04.2026 17:01
Sources 1
About this happening:
**CISA KEV** remediation lag is widening across **10,000 organizations**, leaving enterprise exposures open longer than attackers need to weaponize them. Critical vulnerabilities...
Storm-1175 high-velocity exploit campaign
Campaign
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Newly disclosed CVSS 7 to 10 vulnerabilities accelerated exploitation wave
Exploitation Wave
First: 18.03.2026 15:00
Last: 18.03.2026 15:00
Sources 1
About this happening:
Exploitation of newly disclosed **CVSS 7 to 10 vulnerabilities** surged **105% YoY**, shrinking the time defenders have to react and patch. The median disclosure-to-**CISA KEV** i...
Timeline
- 20.05.2026 03:04 · 2 articles · 7d ago
Verizon publishes 2026 DBIR breach-trend findings
Initial Disclosure
Verizon’s 2026 DBIR reports that vulnerability exploitation became the top breach access vector in 2025 across 31,000 analyzed incidents and more than 22,000 confirmed breaches, with unpatched vulnerabilities accounting for 31% of breaches and ransomware appearing in 48% of confirmed breaches. The report also says organizations patched only 26% of CISA Known Exploited Vulnerabilities (KEV) defects last year, median full patching rose to 43 days, and AI is compressing defenders’ response window from months to hours.
Sources:
- Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector — www.securityweek.com — 20.05.2026 03:04