Attackers Automating Vulnerability Exploits with Few Hours of Disclosure

With ransomware collectives and state-backed groups investing heavily in automation, the 2025 Mass Internet Exploitation Report serves as both a warning and a roadmap, urging organizations to abandon reactive strategies in favor of real-time, data-driven defense mechanisms. From ransomware campaigns to botnet-driven assaults, adversaries demonstrated alarming efficiency in weaponizing flaws faster than defenders could remediate them, underscoring systemic weaknesses in global patch management strategies.

In 2024, attackers operated at machine speed, with researchers observing exploitation attempts for critical vulnerabilities within 4–6 hours of public disclosure. The May 2024 surge, attributed to 12,000+ IPs targeting Android devices via CVE-2023-4863, exemplified how attackers coordinate mass exploitation across geographies and device types.

Despite advances in vulnerability management, legacy systems proved critical weak points. GreyNoise data showed that 67% of ransomware-linked IPs targeted vulnerabilities older than two years, exploiting lagging patch cycles in sectors like healthcare and education. For example, CVE-2014-8361, a Realtek Miniigd UPnP flaw first patched in 2015, remained one of the most targeted entry points, with 41,522 unique IPs observed exploiting it to deploy cryptojacking payloads. Similarly, CVE-2016-20016, a 2016 flaw in MVPower CCTV DVRs, allowed attackers to compromise 17,496 devices and exfiltrate footage for extortion campaigns.

This economic calculus explains why 32% of observed exploits targeted IoT devices, particularly home routers like the Tenda AC8 (CVE-2023-30891), which suffered 29,620 exploitation attempts.

The LockBit 3.0 syndicate, for instance, weaponized CVE-2023-34362 (a MOVEit Transfer SQLi flaw) within 72 hours of disclosure, breaching 2,300 organizations by exploiting unpatched instances.

Automated Patch Deployment: AI-driven patch management systems reduced mean time to remediation (MTTR) by 58% in early adopters, mitigating risks during critical windows.

Legacy System Audits: Organizations must inventory and segment outdated devices, particularly IoT and network infrastructure, to reduce attack surfaces.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 03 Mar 2025 12:35:19 +0000

