
32% of Top-Exploited Vulnerabilities Are over a Decade Old
Why It Matters
The findings expose critical gaps in patch management and lifecycle planning, forcing enterprises to address legacy risk before it fuels costly breaches. Persistent exploitation of old flaws threatens operational continuity across sectors.
Key Takeaways
- 32% of top vulnerabilities are ten years old
- New flaws reach active exploitation within weeks
- RCE accounts for 80% of top 100 CVEs
- MFA spray attacks grew to 30% of identity threats
- Manufacturing leads ransomware targets, 17% by Qilin
Pulse Analysis
The Talos report underscores a paradox in modern cyber risk: attackers are faster than ever at weaponizing fresh code flaws, yet many organizations remain shackled by decades‑old vulnerabilities. Rapid exploitation of newly disclosed CVEs, such as React2Shell, forces security teams to shrink patch windows and automate remediation pipelines. At the same time, legacy components like Log4j linger in enterprise stacks, often hidden in third‑party libraries or legacy applications, creating a persistent attack surface that outlives vendor support cycles. Bridging this gap requires tighter integration between asset inventory, vendor lifecycle data, and continuous vulnerability scanning.
Identity‑centric attacks dominate the threat landscape, with MFA spray campaigns climbing to 30% of all identity‑related incidents and ransomware groups like Qilin exploiting valid credentials to infiltrate networks. The surge in fraudulent device registrations—up 178% year‑over‑year—highlights the need for stricter enrollment controls and zero‑trust verification for authentication factors. Organizations should enforce multi‑layered credential hygiene, deploy adaptive authentication, and regularly test MFA defenses during low‑activity periods to minimize disruption while validating effectiveness.
Artificial intelligence is reshaping both offense and defense. Attackers leverage AI‑generated phishing content and deepfake impersonation to increase success rates, while defenders deploy machine‑learning models to triage alerts and correlate anomalies across environments. However, AI tools also introduce new risks such as prompt injection and model manipulation. A balanced approach—combining AI‑driven analytics with human expertise, robust governance, and continuous monitoring—will be essential for enterprises aiming to stay ahead of evolving threat actors.