Q4 2025 was one of the most intense quarters on record for critical vulnerability disclosures. CVE registrations continued to rise year-over-year, with critical flaws in Microsoft Office, WinRAR, React Server Components, Redis, Windows WSUS, and Linux kernel subsystems being actively exploited. Linux exploit attempts doubled in
Table of contents
Statistics on registered vulnerabilitiesExploitation statisticsVulnerability exploitation in APT attacksC2 frameworksNotable vulnerabilitiesConclusion and adviceSort: