32% of top-exploited vulnerabilities are over a decade old

Source: Help Net Security

Author: Sinisa Markovic

URL: https://www.helpnetsecurity.com/2026/03/24/enterprise-vulnerability-exploitation-cybersecurity-threats/

ONE SENTENCE SUMMARY:

Cisco Talos reports attackers weaponize new flaws fast, exploit old vulnerabilities persistently, and target identity, email workflows, and AI-enabled social engineering.

MAIN POINTS:

  1. React2Shell became 2025’s most targeted vulnerability shortly after its December disclosure.
  2. Log4Shell remained heavily exploited, reflecting widespread buried Log4j dependencies since 2021.
  3. Embedded components like PHPUnit and ColdFusion hinder patching due to legacy coupling.
  4. End-of-life devices comprised nearly 40% of top-targeted vulnerabilities, driving chronic exposure.
  5. Vulnerabilities over a decade old represented 32% of top-exploited vulnerabilities, showing slow enterprise remediation.
  6. Widely used frameworks/libraries made up 25% of exploited weaknesses, enabling scalable attacks.
  7. Network devices accounted for 23% of impacted vulnerabilities, including VPNs and firewalls.
  8. Remote code execution dominated (80% of top 100), enabling access without user interaction.
  9. Firmware flaws were 66% of top infrastructure CVEs, while platform software flaws had a broader blast radius.
  10. Qilin led ransomware leak-site activity (17%), with manufacturing most targeted due to downtime sensitivity.

TAKEAWAYS:

  1. Prioritize rapid patching pipelines to counter near-immediate exploitation of newly disclosed vulnerabilities.
  2. Reduce long-tail risk by inventorying hidden dependencies and eliminating legacy-coupled components.
  3. Replace or isolate end-of-life infrastructure to close vulnerabilities vendors no longer support.
  4. Harden identity pathways because ransomware and MFA attacks heavily depend on valid credentials.
  5. Protect business email workflows and anticipate AI-enhanced impersonation, spoofing, and manipulation techniques.