Qualys Threat Research Unit: Rise in Common Vulnerabilities and Exposures

The Qualys Threat Research Unit (TRU) has recently released alarming findings that common vulnerabilities and exposures (CVE) have increased by 30% between January and mid-July of 2024. This rise in CVE count, from 17,114 in 2023 to 22,254 in 2024, highlights the growing complexity of software and the widespread use of technology in today’s world.

The analysis conducted by the TRU reveals that a small subset of 0.91% of the reported vulnerabilities have been weaponized, posing a significant risk to cybersecurity. These weaponized exploits are actively being used by threat actors through ransomware, malware, and other malicious activities. Furthermore, there has been a noticeable increase in the weaponization of older CVEs identified before 2024, indicating a concerning trend in cybersecurity threats.

One specific vulnerability that has been trending on the dark web is CVE-2023-43208 NextGen Mirth Connect Java XStream, with a high Qualys Vulnerability Score of 95/100. This vulnerability particularly affects systems used by healthcare organizations, underscoring the importance of proactive cybersecurity measures for critical sectors.

Saeed Abbasi, Product Manager of Vulnerability Research at Qualys TRU, emphasizes the need for businesses to shift towards a more proactive and preventative approach to cybersecurity. By implementing continuous monitoring, rapid patch management, and a deep understanding of evolving threats, organizations can significantly reduce their vulnerability to cyberattacks and protect their critical assets in an interconnected world.

This rise in CVEs serves as a stark reminder for organizations to prioritize cybersecurity and stay ahead of evolving threats in order to ensure trust and resilience in today’s digital landscape.