Aggregator
Marks & Spencer confirms it was hit by a "cyber incident"
One click to steal, one request for the keys: how the Ripple library leaked private data to hackers
CVE-2014-3415 | Sharetronix 3.1.1/3.3 invite_users[] sql injection (Advisory 126859 / EDB-33557)
Phishing emails delivering infostealers surge 84%
Cybercriminals continued to shift to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined, according to IBM. Researchers observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. 70% of attacks in 2024 involved critical infrastructure. In this subset, the use of valid accounts made up 31% of initial access vectors, followed by phishing and … More →
The post Phishing emails delivering infostealers surge 84% appeared first on Help Net Security.
Skyhawk Security enhances Autonomous Purple Team to secure custom cloud apps
Skyhawk Security expanded its AI-powered Autonomous Purple Team to include custom cloud applications. For the first time, organizations can preemptively and continuously secure custom cloud applications and their cloud infrastructure without agents. This innovation protects against today’s biggest cloud security issue, one exploited in recent attacks including the MOVEit Transfer breach, the XZ Utils backdoor, a Google Cloud metadata exposure via a web application flaw and Log4j and Log4Shell—thus closing the gap between application security … More →
The post Skyhawk Security enhances Autonomous Purple Team to secure custom cloud apps appeared first on Help Net Security.
CVE-2006-6125 | NetGear WG311v1 2.3.1.10 Wireless Driver wg311nd5.sys memory corruption (VU#403152 / XFDB-30543)
CVE-2006-6018 | Jim Plush My-BIC 0.6.5 mybic_server.php INC_PATH file inclusion (XFDB-30361 / OSVDB-31542)
CVE-2006-5840 | Abarcar Realty Portal 5.1.5 newsdetails.php slid sql injection (XFDB-30135 / BID-20970)
CVE-2006-5882 | Linksys WPC300N Wireless-n Notebook Adapter Driver prior bcmwl5.sys Device Driver memory corruption (VU#209376 / Nessus ID 23637)
Ghost characters in ChatGPT: accidental markup or a secret OpenAI feature?
Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends
The 2025 Verizon Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation was present in 20% of breaches — a 34% increase year-over-year. To support the report, Tenable Research contributed enriched data on the most exploited vulnerabilities. In this blog, we analyze 17 edge-related CVEs and remediation trends across industry sectors.
Background
Since 2008, Verizon's annual Data Breach Investigations Report (DBIR) has helped organizations understand evolving cyber threats. For the 2025 edition, Tenable Research contributed enriched data on the most exploited vulnerabilities of the past year. We analyzed over 160 million data points and zeroed in on the 17 edge device CVEs featured in the DBIR to understand their average remediation times. In this blog, we take a closer look at these vulnerabilities, revealing industry-specific trends and highlighting where patching still lags, often by months.
In this year's DBIR, vulnerabilities in Virtual Private Networks (VPNs) and edge devices were particular areas of concern, accounting for 22% of the CVE-related breaches in this year's report, almost eight times the 3% found in the 2024 report.
Analysis
The 2025 DBIR found that exploitation of vulnerabilities surged to become one of the top initial access vectors, present in 20% of data breaches. This represents a 34% increase over last year's report and is driven in part by the zero-day exploitation of VPN and edge device vulnerabilities, asset classes that traditional endpoint detection and response (EDR) vendors struggle to assess effectively. The DBIR calls special attention to 17 CVEs affecting these edge devices, which remain valuable targets for attackers. Tenable Research analyzed these 17 CVEs and evaluated which industries had the best and worst remediation rates across the vulnerabilities. As a primer, the table below provides this list of CVEs and details for each, including their Common Vulnerability Scoring System (CVSS) and Tenable Vulnerability Priority Rating (VPR) scores. It's worth noting that each of these CVEs was added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list in 2024.
| CVE | Description | CVSSv3 | VPR | Tenable Blog |
|---|---|---|---|---|
| CVE-2024-20359 | Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability | 6.0 | 6.7 | CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor |
| CVE-2023-6548 | Citrix NetScaler ADC and Gateway Authenticated Remote Code Execution (RCE) Vulnerability | 8.8 | 7.4 | CVE-2023-6548, CVE-2023-6549: Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway |
| CVE-2023-6549 | Citrix NetScaler ADC and Gateway Denial of Service Vulnerability | 7.5 | 5.1 | |
| CVE-2023-48788 | FortiClient Enterprise Management Server (FortiClientEMS) SQL Injection Vulnerability | 9.8 | 9.4 | CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability |
| CVE-2024-21762 | Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd | 9.8 | 7.4 | CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability |
| CVE-2024-23113 | Fortinet FortiOS Format String Vulnerability | 9.8 | 7.4 | |
| CVE-2024-47575 | FortiManager Missing Authentication in fgfmsd Vulnerability (FortiJump) | 9.8 | 9.6 | CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud |
| CVE-2023-46805 | Ivanti Connect Secure and Ivanti Policy Secure Authentication Bypass Vulnerability | 8.2 | 6.7 | CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways |
| CVE-2024-21887 | Ivanti Connect Secure and Ivanti Policy Secure Command Injection Vulnerability | 9.1 | 9.8 | |
| CVE-2024-21893 | Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA Server-Side Request Forgery (SSRF) Vulnerability | 8.2 | 7.2 | CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways |
| CVE-2023-36844 | Juniper Networks Junos OS PHP External Variable Modification Vulnerability | 5.3 | 2.9 | Exploit Chain Targets Unpatched Juniper EX Switches and SRX Firewalls |
| CVE-2023-36845 | Juniper Networks Junos OS PHP External Variable Modification Vulnerability | 9.8 | 8.4 | |
| CVE-2023-36846 | Juniper Networks Junos OS Missing Authentication Vulnerability | 5.3 | 2.9 | |
| CVE-2023-36847 | Juniper Networks Junos OS Missing Authentication Vulnerability | 5.3 | 2.9 | |
| CVE-2023-36851 | Juniper Networks Junos OS Missing Authentication Vulnerability | 5.3 | 2.9 | |
| CVE-2024-3400 | Command Injection Vulnerability in the GlobalProtect Gateway feature of PAN-OS | 10.0 | 10 | CVE-2024-3400: Zero-Day Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Gateway Exploited in the Wild |
| CVE-2024-40766 | SonicWall SonicOS Management Access and SSLVPN Improper Access Control Vulnerability | 9.8 | 7.4 | |

\*Please note: Tenable's Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on April 23 and reflects VPR at that time.
Tenable Research Analyzes Edge CVE Remediation Trends
Featured prominently in the DBIR, these 17 edge device CVEs were further analyzed by Tenable Research and are organized by vendor below, with each chart covering the CVEs fixed in the same patch release. To understand remediation efforts from Tenable's telemetry data, we analyzed the average time in days to remediate each of these vulnerabilities. The charts shown below spotlight the three industries with the shortest average time to remediate each vulnerability as well as the three sectors that took the longest.
Cisco
CVE-2024-20359 was highlighted in April 2024 by Cisco Talos as one of two known vulnerabilities being exploited by an advanced persistent threat (APT) actor labeled UAT4356 by Talos and STORM-1849 by the Microsoft Threat Intelligence Center. The flaw was used as part of an espionage campaign known as ArcaneDoor. From our analysis, we found that the education, energy and utilities, and shipping and transportation industries had the longest average remediation time for this vulnerability. CVE-2024-20359 was added to the CISA KEV list on April 24, 2024, the same date Cisco Talos released its research on ArcaneDoor. This KEV addition had a due date of seven days for federal civilian executive branch (FCEB) agencies, which are mandated to remediate by Binding Operational Directive (BOD) 22-01. Despite this short patch window, we see that the government sector had a surprisingly long average remediation time of 116 days. While this is well outside the KEV due date, government was still one of the three industries with the shortest average remediation time.
Source: Tenable Research, April 2025
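The two quantities this section works with are the mean time from first detection to fix, grouped by industry, and how far each finding sits past its CISA KEV due date. The following is an added example of that aggregation, written for this page and not Tenable's own code; the `Finding` record, the `first_seen`/`fixed` fields and all of the sample telemetry are constructed, and the KEV dates used are the ones the post states for CVE-2024-20359 (added April 24, 2024, seven-day due date).

```python
# Added example (not Tenable's code): mean time-to-remediate per industry from
# vulnerability-finding records, plus a check against a CISA KEV due date.
# All records below are constructed; the Finding fields are assumptions.
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Finding:
    cve: str
    industry: str
    first_seen: date          # first scan that detected the vulnerable asset
    fixed: Optional[date]     # first scan that no longer detected it; None = still open


# Constructed sample telemetry for one CVE from the table in the post.
FINDINGS = [
    Finding("CVE-2024-20359", "government", date(2024, 4, 25), date(2024, 5, 10)),   # 15 days
    Finding("CVE-2024-20359", "government", date(2024, 4, 25), date(2024, 6, 24)),   # 60 days
    Finding("CVE-2024-20359", "education", date(2024, 4, 26), date(2024, 10, 23)),   # 180 days
    Finding("CVE-2024-20359", "education", date(2024, 4, 26), None),                 # still open
    Finding("CVE-2024-20359", "healthcare", date(2024, 4, 25), date(2024, 5, 5)),    # 10 days
    Finding("CVE-2024-20359", "consulting", date(2024, 4, 28), date(2024, 7, 27)),   # 90 days
    Finding("CVE-2024-20359", "energy and utilities", date(2024, 4, 25), date(2024, 8, 23)),          # 120 days
    Finding("CVE-2024-20359", "banking, finance and insurance", date(2024, 4, 25), date(2024, 4, 30)),  # 5 days
]

# KEV metadata as stated in the post: added April 24, 2024 with a seven-day due date.
KEV = {"CVE-2024-20359": (date(2024, 4, 24), 7)}


def mean_days_by_industry(findings, cve):
    """Average days from first detection to fix, per industry. Open findings are
    excluded so that a still-unpatched asset does not silently count as zero days."""
    buckets = defaultdict(list)
    for f in findings:
        if f.cve == cve and f.fixed is not None:
            buckets[f.industry].append((f.fixed - f.first_seen).days)
    return {industry: mean(days) for industry, days in buckets.items()}


def fastest_and_slowest(averages, n=3):
    """The n industries with the shortest mean time and the n with the longest,
    each ordered best-first (shortest first, longest first)."""
    ranked = sorted(averages.items(), key=lambda kv: kv[1])
    return ranked[:n], list(reversed(ranked[-n:]))


def overdue_against_kev(findings, cve, as_of):
    """Findings not closed by the KEV due date, as (industry, days past due, still_open).
    Open findings are measured up to `as_of`."""
    added, due_days = KEV[cve]
    due = added + timedelta(days=due_days)
    overdue = []
    for f in findings:
        if f.cve != cve:
            continue
        closed = f.fixed if f.fixed is not None else as_of
        if closed > due:
            overdue.append((f.industry, (closed - due).days, f.fixed is None))
    return overdue


if __name__ == "__main__":
    avgs = mean_days_by_industry(FINDINGS, "CVE-2024-20359")
    fast, slow = fastest_and_slowest(avgs)
    print("fastest:", fast)
    print("slowest:", slow)
    for industry, days_late, still_open in overdue_against_kev(FINDINGS, "CVE-2024-20359", date(2025, 4, 23)):
        print(f"{industry}: {days_late} days past KEV due date{' (still open)' if still_open else ''}")
```

Two design points carry over to real telemetry: open findings must be reported separately rather than averaged (here `mean_days_by_industry` drops them and `overdue_against_kev` surfaces them), and the KEV due date is a fixed calendar date, so a finding first detected late still counts as overdue relative to it, which is the comparison the post makes for the government sector.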
Citrix
CVE-2023-6548 and CVE-2023-6549 are a pair of zero-day vulnerabilities that were exploited against Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances. These vulnerabilities were patched in early January 2024, only months after Citrix addressed CVE-2023-4966, a critical flaw in NetScaler appliances called "CitrixBleed" that was widely exploited by a variety of attackers. While Citrix appliances remain a high value target for attackers, the remediation times, even among the three industries with the shortest averages, are much longer than we anticipated. The shortest average remediation time observed was 160 days, for the consulting industry.
Source: Tenable Research, April 2025
Fortinet
CVE-2024-21762 and CVE-2024-23113 are two critical severity vulnerabilities affecting Fortinet's FortiOS network operating system. At the time the Fortinet advisory was released for these vulnerabilities, CVE-2024-21762 was listed as "potentially being exploited in the wild." Just a day later, CISA added it to the KEV list. Similar to the Citrix vulnerabilities above, the average remediation time for these vulnerabilities ranged from 172 days on the low end to over 260 days on the high end. The consulting industry had the longest average remediation time, while the software, internet and technology sector had the shortest at 172 days.
Source: Tenable Research, April 2025
In stark contrast to the Fortinet CVEs above is CVE-2023-48788, a critical SQL injection vulnerability affecting FortiClient Enterprise Management Server (FortiClientEMS). The communications and telecommunications sector led the way with an average remediation time of only 12 days, with healthcare a distant second at an average of 71 days to remediate the flaw.
Source: Tenable Research, April 2025
Similar to CVE-2023-48788, CVE-2024-47575, a missing authentication vulnerability in FortiManager dubbed "FortiJump," appears to have been urgently addressed by organizations. Our analysis revealed it had the shortest average remediation times of the 17 CVEs we examined. Remediation times averaged a week, even for the slowest industries to patch.
Source: Tenable Research, April 2025
Ivanti
Over the last five years, Ivanti's Connect Secure and Policy Secure have been targeted by a variety of threat actors, including ransomware groups and nation-state aligned threat actors. Unsurprisingly, CVE-2023-46805 and CVE-2024-21887 have reportedly been abused by threat actors in chained attacks to achieve RCE. Additionally, these flaws were exploited as zero-days. From our analysis, even the quickest industries to remediate these flaws took over 260 days to do so, with the highest average just shy of 300 days.
Source: Tenable Research, April 2025
Only a few weeks after patches for CVE-2023-46805 and CVE-2024-21887 were released, Ivanti released a new advisory with additional CVEs, including CVE-2024-21893. While initially it was believed that CVE-2024-21893 was only exploited in limited attacks, Shadowserver reported a major increase in exploit activity hours prior to a public proof-of-concept (PoC) being released. Interestingly, this vulnerability saw somewhat different remediation times, with the biotechnology and chemicals sector being the fastest to patch at an average of nine days.
Source: Tenable Research, April 2025
Juniper Networks
Next we examined five CVEs from Juniper Networks (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847 and CVE-2023-36851) affecting Junos OS. These vulnerabilities were quickly exploited in a chained attack just days after being disclosed by Juniper Networks, which released its patches on August 17, 2024. While four of the five vulnerabilities had medium severity CVSSv3 scores, chaining these flaws allows a remote, unauthenticated attacker to execute arbitrary code on unpatched devices. The average remediation time for these vulnerabilities varied greatly, with food and beverage at over 420 days and shipping and transportation on the low end with an average remediation time of 80 days.
Source: Tenable Research, April 2025
Palo Alto Networks
CVE-2024-3400 is a critical command injection vulnerability affecting the Palo Alto Networks GlobalProtect Gateway feature of PAN-OS that was exploited in the wild as a zero-day. In our dataset, this CVE had a smaller footprint than others examined, yet it shared a similar trend with most industries requiring over 100 days to remediate. The banking, finance and insurance sector performed far better with an average of 45 days to close out this vulnerability.
Source: Tenable Research, April 2025
SonicWall
The final CVE we examined was CVE-2024-40766, a critical improper access control vulnerability in SonicWall SonicOS management access and SSLVPN. This flaw saw exploitation by ransomware groups, including Fog and Akira, which used the vulnerability to gain initial access to their victims' networks. In the case of this SonicWall vulnerability, average remediation times were short in comparison to the other CVEs we examined, with the slowest sector (consulting) taking 52 days and the fastest (engineering) taking an average of only six days.
Source: Tenable Research, April 2025
Conclusion
The 17 CVEs we examined in our analysis, while representing only a small portion of the CISA KEV, affect devices that carry elevated risk due to their placement at the forefront of a network. Despite these being some of the most valuable targets for attackers, our examination of remediation times shows that there's still room for improvement across all industry verticals. Known and exploitable vulnerabilities continue to be abused by threat actors, many of which take advantage of readily available exploits. Data has become increasingly valuable, and attackers and APT groups alike have zeroed in on the exploits and vulnerabilities that give them access to victim networks and help them maintain it. In order to reduce risk and harden your networks, we recommend addressing each of the CVEs discussed in this post as well as reading the Verizon 2025 DBIR to understand the trends and tactics used by threat actors. Security isn't just for infosec professionals; it's everyone's responsibility. The data compiled by Verizon, in collaboration with Tenable, offers valuable insights into today's threat landscape and what you can do to better protect the networks, devices and people you defend.
Identifying affected systems
A list of Tenable plugins for the vulnerabilities discussed in this blog can be found on the individual CVE pages for each of the CVEs listed below. These links will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
- CVE-2024-20359
- CVE-2023-6548
- CVE-2023-6549
- CVE-2023-48788
- CVE-2024-21762
- CVE-2024-23113
- CVE-2024-47575
- CVE-2023-46805
- CVE-2024-21887
- CVE-2024-21893
- CVE-2023-36844
- CVE-2023-36845
- CVE-2023-36846
- CVE-2023-36847
- CVE-2023-36851
- CVE-2024-3400
- CVE-2024-40766
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends appeared first on Security Boulevard.
Verizon: Edge Bugs Soar, Ransoms Lag, SMBs Bedeviled
Critical vulnerability found in ASUS router AiCloud; vendor urgently releases firmware patches for multiple series
ASUS says that routers with AiCloud enabled have an authentication bypass vulnerability that could allow a remote attacker to execute functions on the device without authorization.
The vulnerability is tracked as CVE-2025-2492 and rated critical (CVSS v4 score: 9.2). It can be exploited remotely through a specially crafted request and requires no authentication, which makes it particularly dangerous.
"An improper authentication control vulnerability exists in certain ASUS router firmware series," the vendor's advisory reads. "This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions."
AiCloud is a cloud-based remote access feature built into many ASUS routers that turns them into mini private cloud servers.
It lets users access files stored on USB drives connected to the router from anywhere on the internet, stream media remotely, sync files between the home network and other cloud storage services, and share files with others via links.
The vulnerability found in AiCloud affects a wide range of models, and ASUS has released fixes for multiple firmware branches, including the 3.0.443-82 series, 3.0.443-86 series, 3.0.443-88 series and 3.0.0.6_102 series.
Users are advised to upgrade to the latest firmware version appropriate for their model, which can be found on the vendor's support portal or product finder page. Detailed instructions on how to apply the firmware update can be found here.
ASUS also recommends that users set different passwords for their wireless network and the router administration page, and make sure each password is at least 10 characters long and composed of letters, numbers and symbols.
Users of affected end-of-life products are advised to disable the AiCloud service entirely and turn off internet-facing access for services such as WAN access, port forwarding, DDNS, VPN server, DMZ, port triggering and FTP.
Although there are currently no reports of active exploitation or a public proof-of-concept exploit for CVE-2025-2492, attackers often target vulnerabilities like this to infect devices with malware or recruit them into DDoS botnets. ASUS router users are therefore strongly advised to upgrade to the latest firmware as soon as possible.