
Ivanti: Vulnerability Trends: Zero Days, Exploits & Response Strategies

Ivanti
07/03/2026

Transcript


are being seen. And if you read my blog from yesterday on Patch Tuesday, I started it off more with talking about, you know, there's a different mindset that we need to get into in getting ahead of vulnerabilities and being able to respond to vulnerabilities more quickly. So I talk about that a little bit in there. And the first thing is really starting to, you know, think through how you define your risk appetite and make sure that you've configured for being able to remediate based on that, on that risk appetite. What this means is you've already made the majority of decisions that need to be made when Patch Tuesday comes around or when there's a zero day or when there's a, a new browser release, you know, cause they're all on a continuous release cycle every week. You already know the answer to when and how those things are going to be deployed. You've made those decisions. So really it's, it's more of a matter of on that, when that new finding comes in, you just need to determine, is there anything of a high risk that needs to take a faster track or do you let it get resolved in the course of your current, you know, routine, you know, maintenance, you know, your once a month maintenance that typically starts around Patch Tuesday or have some of you are already moving towards doing a parallel kind of track where you do your monthly maintenance or routine maintenance that comes around each month and then you have tracks for additional work, like priority updates that you do on a more weekly basis, like the browsers, sitting down and having that thinking through that within your environment will help you trying to get ahead of this type of trend or trend that's going on. So CSO online released this article talking about the fact that 32% of exploited vulnerabilities in 2025 are zero day or one day exploits. So that means that, you know, we are having to detect, prioritize and respond to many of these threats much faster than we've had to in the past. 
And that number is growing. So there's a pretty good breakdown of some of the trends here and some of the areas that are definitely, you know, getting hit hardest. There were 432 new CVEs tracked by VulnCheck, is the threat intel vendor in this case, that were added to their known exploited vulnerability database in the first half of this year. 132 of those CVEs were added by the U.S. cybersecurity and infrastructure, CISA, to its KEV list. So if you're going based on CISA's KEV list, you know, you're only getting a subset of all exploited vulnerabilities that are out there. I've talked with the team responsible for that CISA KEV list before. They do good work. They're trying to prioritize the tip of the iceberg, the worst of the worst, the ones that you absolutely have to take action on soonest. But it's not all of the vulnerabilities that are being exploited. So like VulnCheck, like our own vulnerability intel, we're tracking a larger number of CVEs that are actively being exploited at any given time. And it's a pretty large order of magnitude difference. So it's always good to look at that and determine, is CISA KEV enough or do you need additional vulnerability intel? Those of you using the Ivanti Neurons for patch management solution, you know that we've got that same vulnerability intel in our risk-based vulnerability management platform is also feeding into the patch catalog in the Neurons patch solution. So you get a lot of that, any of those exploits relating to our products that we support, the products in our catalog, you'll get that known exploited information there. But getting that better understanding of what's actively being exploited is a key part of how we get ahead of these challenges. They also talk about a few other key trends, like what are the larger buckets of devices or types of software vulnerabilities that are being targeted. So far this year, one of the largest is 86 of those stemmed from the CMS platforms that you may be running. 
So especially if you're using things like WordPress, WordPress was a significant contributor to that 86 CVEs that are in those CMS platforms. And a lot of it is the WordPress plugins. Those plugins can be very risky. Yes, they help you to deliver content more effectively, but many of them can be exploited and are being exploited. So that's the largest bucket is your CMS systems. That unfortunately are pieces of software that typically need to be updated by your web team. They're not solutions that those teams can just use a patch management solution to quickly update because oftentimes, like WordPress, when you update WordPress, you potentially could break a whole bunch of plugins that make all of your content generate and present correctly. So those are a bit more complicated. The second most impacted category were network edge devices. If you were at Black Hat or have seen any of the recent news there, there's a number of different vulnerabilities and nation state level threat actors who are targeting everything from commercial or corporate level devices to commercial home, SOHO type devices. So there's a lot of vulnerabilities in those network edge devices that are being targeted across the industry, pretty much all vendors. There were some recent news from Amber Wolf. They were hitting a few of those vendors pretty hard for not being responsive to vulnerabilities even when they've known about them for a while. So definitely a lot to look at in that network edge device bucket. Again, complex devices that usually need somebody from the network security team to be able to update those devices to ensure that they update and you don't break routing or firewall or other VPN access, any of those types of capabilities. So a lot of times you need people to update those devices. Server software, 61 of those 432 are targeting typical server software that we're running within our environment. Open source was another 55, operating system another 38. 
So that rounds out kind of the top five categories and that's the majority of those 432 vulnerabilities that are being exploited this year. So yeah, there's definitely a lot. There are certain vendors that are definitely large vendors that we have a lot of instances of in our environments like Microsoft or Cisco or Apple. Those are definitely going to be ones that are going to be most targeted because they are everywhere. So making sure that you've got the right tools in place to understand what you've got, what's being targeted and how you're responding to those as quickly as possible. So the number of zero days are increasing. The number of vulnerabilities that are exploited within a very short time after a fix is released is also increasing. So trying to understand how you're responding more quickly to those, this article just gives a good read on what the trends are and what you need to try to prepare for.

TL;DR

  • 32% of exploited vulnerabilities in 2025 are zero-day or one-day exploits, requiring organizations to detect and respond faster than traditional patching cycles allow.
  • CISA's KEV list captures only a fraction of actively exploited vulnerabilities—VulnCheck tracked 432 exploited CVEs in H1 2025 versus 132 on KEV.
  • CMS platforms (especially WordPress plugins) and network edge devices are the most heavily targeted categories, with nation-state actors actively exploiting edge devices.
  • Pre-defining risk appetite and remediation processes before threats emerge allows teams to make faster decisions when zero-days or Patch Tuesday updates arrive.

Defining Risk Appetite for Faster Vulnerability Response

The discussion opens with a strategic framework for getting ahead of vulnerabilities rather than constantly reacting to them. The key recommendation is to pre-define your organization's risk appetite and configure remediation processes accordingly before threats emerge. This means that when Patch Tuesday arrives, a zero-day is disclosed, or browsers release weekly updates, the decisions about deployment timing and methods have already been made. Organizations should evaluate whether high-risk findings need an accelerated track or can be addressed through routine monthly maintenance cycles. Some teams are adopting parallel approaches—maintaining standard monthly patching while running separate weekly priority tracks for items like browser updates that follow continuous release cycles.

Alarming Trends in Exploit Timelines and Attack Surfaces

Data from VulnCheck reveals that 32% of exploited vulnerabilities in 2025 are zero-day or one-day exploits, meaning security teams must detect, prioritize, and respond faster than ever before. Of the 432 new CVEs tracked by VulnCheck in the first half of 2025, only 132 were added to CISA's KEV list—highlighting that relying solely on KEV provides only a subset of actively exploited vulnerabilities. The top five categories being targeted include CMS platforms (86 CVEs, with WordPress plugins being a significant contributor), network edge devices (heavily targeted by nation-state actors), server software (61 CVEs), open source components (55 CVEs), and operating systems (38 CVEs). Large vendors like Microsoft, Cisco, and Apple remain primary targets due to their ubiquity across enterprise environments.
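The two points above, remediation tracks decided ahead of time and KEV covering only part of what is exploited, can be written down as a small routing policy. This is an added sketch, not code from the talk or from any Ivanti product; the track names, deadlines, the rule that any known-exploited finding takes the fast track, and the placeholder CVE ids are all assumptions.

```python
from dataclasses import dataclass

# Risk appetite written down ahead of time. Track names and deadlines (days)
# are assumptions for this sketch, not values from the talk.
POLICY = {"fast_track": 3, "weekly_priority": 7, "monthly_routine": 30}

@dataclass(frozen=True)
class Finding:
    cve: str
    product: str
    continuous_release: bool = False  # e.g. browsers on a weekly cadence

def route(finding, kev, extra_intel):
    """Return (track, deadline_days, exploit_source) for one finding."""
    if finding.cve in kev:
        source = "kev"
    elif finding.cve in extra_intel:
        source = "extra_intel"
    else:
        source = None
    if source is not None:
        track = "fast_track"          # exploited in the wild: skip the queue
    elif finding.continuous_release:
        track = "weekly_priority"
    else:
        track = "monthly_routine"
    return track, POLICY[track], source

def kev_only_misses(findings, kev, extra_intel):
    """CVEs a KEV-only policy would have left on a slower track."""
    return [f.cve for f in findings
            if route(f, kev, extra_intel)[2] == "extra_intel"]

# Constructed sample data; the CVE ids are placeholders, not real entries.
KEV = {"CVE-EXAMPLE-0001"}
EXTRA_INTEL = {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0002"}
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", "edge-vpn-appliance"),
    Finding("CVE-EXAMPLE-0002", "cms-plugin"),
    Finding("CVE-EXAMPLE-0003", "browser", continuous_release=True),
    Finding("CVE-EXAMPLE-0004", "office-suite"),
]

if __name__ == "__main__":
    for f in FINDINGS:
        print(f.cve, f.product, *route(f, KEV, EXTRA_INTEL))
    print("KEV-only would miss:", kev_only_misses(FINDINGS, KEV, EXTRA_INTEL))
```

Running `kev_only_misses` against your own findings and feeds gives a concrete count of what a KEV-only policy would leave on the monthly cycle.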

Chapters

0:00 - Introduction to Vulnerability Trends
0:27 - Defining Risk Appetite
1:44 - Zero Day and One Day Exploit Statistics
2:32 - CISA KEV vs. Broader Threat Intelligence
3:51 - Top Targeted Software Categories
5:03 - Network Edge Device Vulnerabilities
6:33 - Key Takeaways and Preparation

Key Quotes

1:44 "... 32% of exploited vulnerabilities in 2025 are zero day or one day exploits."
2:32 "If you're going based on CISA's KEV list, you know, you're only getting a subset of all exploited vulnerabilities that are out there."
2:47 "They do good work. They're trying to prioritize the tip of the iceberg, the worst of the worst, the ones that you absolutely have to take action on soonest. But it's not all of the vulnerabilities that are being exploited."
4:23 "A lot of it is the WordPress plugins. Those plugins can be very risky. Yes, they help you to deliver content more effectively, but many of them can be exploited and are being exploited."

FAQ

Why shouldn't organizations rely solely on CISA's KEV list for vulnerability prioritization?

CISA's KEV list intentionally focuses on the 'tip of the iceberg'—the worst vulnerabilities requiring immediate action. However, VulnCheck tracked 432 exploited CVEs in the first half of 2025 while only 132 made it to KEV. Organizations need additional vulnerability intelligence sources to capture the full scope of actively exploited threats.

What makes CMS platforms and network edge devices particularly challenging to patch?

CMS platforms like WordPress often can't be updated through standard patch management tools because updates may break plugins that generate and present content. Network edge devices require network security team involvement to ensure updates don't disrupt routing, firewall rules, or VPN access—making both categories dependent on specialized personnel rather than automated processes.

