Transcript
are being seen. And if you read my blog from yesterday on Patch Tuesday, I started it off by talking about a different mindset that we need to get into in order to get ahead of vulnerabilities and respond to them more quickly. So I talk about that a little bit in there. The first thing is really to think through how you define your risk appetite and make sure that you've configured for being able to remediate based on that risk appetite. What this means is that you've already made the majority of the decisions that need to be made when Patch Tuesday comes around, or when there's a zero day, or when there's a new browser release, because they're all on a continuous release cycle every week. You already know the answer to when and how those things are going to be deployed. You've made those decisions. So really it's more a matter of, when that new finding comes in, determining whether there is anything of high risk that needs to take a faster track, or whether you let it get resolved in the course of your current routine maintenance, your once-a-month maintenance that typically starts around Patch Tuesday. Or some of you are already moving towards a parallel kind of track, where you do your routine maintenance that comes around each month and then have tracks for additional work, like priority updates that you do on a more weekly basis, like the browsers. Sitting down and thinking that through within your environment will help you get ahead of this type of trend that's going on. So CSO Online released this article talking about the fact that 32% of exploited vulnerabilities in 2025 are zero day or one day exploits. That means that we are having to detect, prioritize and respond to many of these threats much faster than we've had to in the past.
And that number is growing. So there's a pretty good breakdown of some of the trends here and some of the areas that are definitely getting hit hardest. There were 432 new CVEs tracked by VulnCheck, the threat intel vendor in this case, that were added to their known exploited vulnerability database in the first half of this year. 132 of those CVEs were added by the U.S. Cybersecurity and Infrastructure Security Agency, CISA, to its KEV list. So if you're going based on CISA's KEV list, you're only getting a subset of all the exploited vulnerabilities that are out there. I've talked with the team responsible for that CISA KEV list before. They do good work. They're trying to prioritize the tip of the iceberg, the worst of the worst, the ones that you absolutely have to take action on soonest. But it's not all of the vulnerabilities that are being exploited. So, like VulnCheck, with our own vulnerability intel we're tracking a larger number of CVEs that are actively being exploited at any given time, and it's a pretty large order-of-magnitude difference. So it's always good to look at that and determine: is CISA KEV enough, or do you need additional vulnerability intel? Those of you using the Ivanti Neurons for Patch Management solution know that the same vulnerability intel we've got in our risk-based vulnerability management platform is also feeding into the patch catalog in the Neurons patch solution. So for any of those exploits relating to the products we support, the products in our catalog, you'll get that known-exploited information there. But getting a better understanding of what's actively being exploited is a key part of how we get ahead of these challenges. They also talk about a few other key trends, like what the larger buckets of devices or types of software vulnerabilities being targeted are. So far this year, one of the largest is the 86 of those that stemmed from the CMS platforms that you may be running.
So especially if you're using things like WordPress: WordPress was a significant contributor to those 86 CVEs in the CMS platforms, and a lot of it is the WordPress plugins. Those plugins can be very risky. Yes, they help you deliver content more effectively, but many of them can be exploited and are being exploited. So the largest bucket is your CMS systems. Those unfortunately are pieces of software that typically need to be updated by your web team. They're not solutions that those teams can just use a patch management solution to quickly update, because oftentimes, as with WordPress, when you update WordPress you could potentially break a whole bunch of plugins that make all of your content generate and present correctly. So those are a bit more complicated. The second most impacted category was network edge devices. If you were at Black Hat or have seen any of the recent news there, there are a number of different vulnerabilities and nation-state level threat actors who are targeting everything from commercial or corporate-level devices to commercial home or SOHO-type devices. So there are a lot of vulnerabilities in those network edge devices that are being targeted across the industry, pretty much all vendors. There was some recent news from Amber Wolf. They were hitting a few of those vendors pretty hard for not being responsive to vulnerabilities even when they've known about them for a while. So there is definitely a lot to look at in that network edge device bucket. Again, these are complex devices that usually need somebody from the network security team to update them, to ensure that they update and you don't break routing or firewall or VPN access or any of those types of capabilities. So a lot of times you need people to update those devices. Server software: 61 of those 432 are targeting typical server software that we're running within our environments. Open source was another 55, operating systems another 38.
So that rounds out the top five categories, and that's the majority of those 432 vulnerabilities that are being exploited this year. So yeah, there's definitely a lot. There are certain large vendors that we have a lot of instances of in our environments, like Microsoft or Cisco or Apple. Those are definitely going to be the ones that are most targeted, because they are everywhere. So make sure that you've got the right tools in place to understand what you've got, what's being targeted and how you're responding to those as quickly as possible. So the number of zero days is increasing. The number of vulnerabilities that are exploited within a very short time after a fix is released is also increasing. So, in trying to understand how to respond more quickly to those, this article gives a good read on what the trends are and what you need to prepare for.