Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks | CyberScoop<\/title> <meta name=\"description\" content=\"Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren\u2019t worth their time, VulnCheck\u2019s Caitlin Condon said.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/vulncheck-exploited-vulnerabilities-report-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks\"> <meta property=\"og:description\" content=\"Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren\u2019t worth their time, VulnCheck\u2019s Caitlin Condon said.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/vulncheck-exploited-vulnerabilities-report-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-02-25T13:30:00+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1770135364g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87924\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87924\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvulncheck-exploited-vulnerabilities-report-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fvulncheck-exploited-vulnerabilities-report-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87924 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/vulncheck-exploited-vulnerabilities-report-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.028\">\n<div class=\"single-article__header-content\" readability=\"35.503370786517\">\n<p> Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren\u2019t worth their time, VulnCheck\u2019s Caitlin Condon said. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87924\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Creeping plant growing on a brick wall.\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg 5046w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Creeping plant growing on a brick wall. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"55.204746435661\"><body readability=\"114.71105681124\"><\/p>\n<p>Would-be attackers spent 2025 swimming in a sea of more than 40,000 newly published vulnerabilities, VulnCheck said in a <a href=\"https:\/\/wwv.vulncheck.com\/2026-vulncheck-exploit-intelligence-report\">report released Wednesday<\/a>, but only 1% of those defects, just 422, were exploited in the wild.<\/p>\n<p>As the deluge of vulnerabilities grows every year, and CVSS ratings lose significance for vulnerability management prioritization, some defenders are turning to research on known exploited vulnerabilities to narrow their scope of work and place more emphasis on verified risks. <\/p>\n<p>\u201cThe growth in CVE volume is ludicrous, not necessarily unfounded, but it\u2019s large. Defenders don\u2019t know what to pay attention to,\u201d Caitlin Condon, vice president of security research at VulnCheck, told CyberScoop. \u201cPrioritization is still a huge problem.\u201d<\/p>\n<p>Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren\u2019t worth their time, Condon added. \u201cThe indicators of risk that used to be semi reliable, now no longer are.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The technologies exploited by attackers are developed and sold by many repeat offenders. Some of the vendors on VulnCheck\u2019s list of the most routinely targeted vulnerabilities enjoy large market shares.<\/p>\n<p>Other vendors, especially those in network edge device space, have been inundated with malicious activity for years and remain the preferred intrusion point for all attacks.<\/p>\n<p>Network edge devices were responsible for 191 of the 672 products impacted by new known exploited vulnerabilities last year, representing 28% of the top targeted technologies in 2025, according to VulnCheck. <\/p>\n<p>\u201cAnything that\u2019s in that position of being at the network edge, guarding access to corporate networks, often in a privileged place for secure communication,\u201d is naturally a large target, Condon said. <\/p>\n<p>This problem is exacerbated by the fact many network devices are running on code bases that haven\u2019t been radically changed in about a decade. Meanwhile, attackers have copies of that software and use fully automated analysis pipelines to quickly identify new vulnerabilities.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThreat actors are much more organized presently than we all collectively are on defense,\u201d Condon said. Defenders have to assume there\u2019s going to be a new zero-day in any network edge device at any time, and patches will be reversed for exploit development in short order, she added.<\/p>\n<p>Each of the <a href=\"https:\/\/www.vulncheck.com\/2025-routinely-targeted-vulnerabilities\">top 50 vulnerabilities<\/a> VulnCheck flagged in its report were exploited in the wild last year with at least 20 working public exploits, attacks originating from at least two state-sponsored or cybercrime threat groups. The top exploited vulnerabilities were also linked to least one ransomware variant and appeared in at least two instances of known botnet activity.<\/p>\n<p>Four of the 10 most routinely targeted vulnerabilities last year \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53770\">CVE-2025-53770<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-53771\">CVE-2025-53771<\/a>, which are variants of previously disclosed vulnerabilities <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49706\">CVE-2025-49706<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-49704\">CVE-2025-49704<\/a> \u2014 were contained in Microsoft SharePoint. All four of the zero-day vulnerabilities were <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-zero-day-attack-spree\/\">exploited en masse<\/a> and initially <a href=\"https:\/\/cyberscoop.com\/microsoft-sharepoint-attacks-400-victims-us-agencies\/\">compromised more than 400 organizations<\/a>, including the Departments of Energy, Homeland Security and Health and Human Services.<\/p>\n<p>VulnCheck confirmed a combined 69 known exploits for the quartet of SharePoint vulnerabilities. Researchers attributed the exploited vulnerabilities to a collective 29 threat groups and 18 ransomware variants, yet the attackers involved likely targeted more than one of the zero-days, resulting in some overlap.<\/p>\n<p>Microsoft topped the list with nine of the 50 routinely targeted vulnerabilities appearing in its products last year. <a href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\">Ivanti<\/a> was responsible for five, or 10% of the most targeted vulnerabilities last year. Fortinet ranked third on VulnCheck\u2019s list with four vulnerabilities, followed by VMware with three, while SonicWall and Oracle each ranked high on the list with two exploited defects. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The most targeted vulnerability of 2025 belongs to <a href=\"https:\/\/cyberscoop.com\/react2shell-vulnerability-fallout-spreads\/\">React2Shell<\/a>, a maximum-severity defect in React Server Components that racked up 236 valid public exploits before the end of the year, less than a month after it was publicly disclosed by Meta and React. <\/p>\n<p>More than 200 of those public exploits were validated by VulnCheck by mid-December, as Palo Alto Networks Unit 42 confirmed more than 60 organizations were impacted by an initial wave of attacks.<\/p>\n<p>VulnCheck\u2019s research underscores that technology, ultimately in all of its forms, is the problem. <\/p>\n<p>\u201cWe are at a point here where we\u2019re not talking about a single vendor or technology. We are talking about writ large, we are getting creamed. We\u2019ve got to start assessing ruthlessly and immediately how technology needs to evolve to be more resilient to these attacks over the long term,\u201d Condon said. <\/p>\n<p>\u201cWe need to start being much more realistic about the state of our tech and what that means for cybersecurity.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9046104928458\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/vulncheck-exploited-vulnerabilities-report-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerabilities grew like weeds in 2025, but only 1% were<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6079,282,78,917,1394,625,4603,5141,46,5684,256,3546,310,288,2587,4136,2281,703,2390,2759],"tags":[6080,286,86,921,1395,630,4605,5142,54,5685,262,4246,311,294,2588,4140,2283,705,2394,2760],"class_list":["post-8381","post","type-post","status-publish","format-standard","hentry","category-common-vulnerability-scoring-system","category-cybercrime","category-cybersecurity","category-fortinet","category-ivanti","category-microsoft","category-microsoft-sharepoint","category-oracle","category-ransomware","category-react2shell","category-research","category-sonicwall","category-technology","category-threats","category-vmware","category-vulncheck","category-vulnerability","category-vulnerability-disclosure","category-vulnerability-management","category-vulnerability-reporting","tag-common-vulnerability-scoring-system","tag-cybercrime","tag-cybersecurity","tag-fortinet","tag-ivanti","tag-microsoft","tag-microsoft-sharepoint","tag-oracle","tag-ransomware","tag-react2shell","tag-research","tag-sonicwall","tag-technology","tag-threats","tag-vmware","tag-vulncheck","tag-vulnerability","tag-vulnerability-disclosure","tag-vulnerability-management","tag-vulnerability-reporting"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/common-vulnerability-scoring-system\/\" rel=\"category tag\">Common Vulnerability Scoring System<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ivanti\/\" rel=\"category tag\">Ivanti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-sharepoint\/\" rel=\"category tag\">Microsoft SharePoint<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/oracle\/\" rel=\"category tag\">Oracle<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/react2shell\/\" rel=\"category tag\">React2Shell<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sonicwall\/\" rel=\"category tag\">SonicWall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vmware\/\" rel=\"category tag\">vmware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-management\/\" rel=\"category tag\">Vulnerability Management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-reporting\/\" rel=\"category tag\">vulnerability reporting<\/a>","tag_info":"vulnerability reporting","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8381"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8381\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8381,"date":"2026-02-25T07:30:00","date_gmt":"2026-02-25T13:30:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87924"},"modified":"2026-02-25T07:30:00","modified_gmt":"2026-02-25T13:30:00","slug":"vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/02\/25\/vulnerabilities-grew-like-weeds-in-2025-but-only-1-were-weaponized-in-attacks\/","title":{"rendered":"Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks"},"content":{"rendered":"