Verizon's 2025 Data Breach Investigations Report (DBIR), based on 31,000 incidents, reveals vulnerability exploitation has surged to become the top initial access vector in breaches at 31%, significantly outpacing credential abuse at 13%. Only 26% of CISA Known Exploited Vulnerabilities were fully remediated in 2025, down from 38% the prior year, while the median patch time rose to 43 days. The volume of critical vulnerabilities grew 50% year-on-year. Third-party breaches now account for 48% of incidents. Ransomware featured in nearly half of all breaches, though ransom payments declined, pushing attackers toward data exfiltration and operational disruption. AI is accelerating exploit development, shrinking defender response windows from months to hours. Security experts recommend shifting to risk-based, continuous vulnerability management tied to real-time exploitation intelligence rather than scheduled patch cycles.
Sort: