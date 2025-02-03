A total of 768 CVEs were publicly reported as exploited in the wild for the first time in 2024, according to new data by VulnCheck.

This represents a 20% increase compared to 2023, when 639 CVEs were publicly reported as exploited in the wild for the first time.

Around a quarter (23.6%) of these vulnerabilities were exploited on or before the day their CVEs were publicly disclosed, making them zero days. This is a slight fall from 2023, when 26.8% of CVEs were zero days.

Half of CVEs were reported as exploited within 192 days of being publicly disclosed in 2024, while 75% were within 1004 days.

“Despite the buzz around zero-day exploitation, these findings indicate that exploitation can happen at any time in a vulnerability's lifecycle,” the researchers noted.

During 2024, just 1% of the CVEs published were reported publicly as exploited in the wild, which VulnCheck said aligns with rates seen in previous years.

Exploit Report Spikes Linked to Industry Events

The vulnerability intelligence firm observed notable spikes in public reports of exploits during particular periods. These included during April and May 2024, coinciding with the RSA Conference and various end-of-quarter cybersecurity research reports.

The onboarding of new sources of vulnerability exploitation sources also contributed to the increase in public reports. This includes the emergence of the Shadowserver Foundation in January 2024, a nonprofit threat intelligence organization.