Threat groups exploiting resurgent vulnerabilities
Dive Brief:
- Threat groups from across the globe are increasingly weaponizing older vulnerabilities for exploitation, according to a report released Wednesday by GreyNoise Intelligence.
- More than half of these resurgent vulnerabilities affect edge technologies, the report shows. Nearly seven out of 10 of the most unpredictable vulnerabilities — known as Black Swan vulnerabilities — affect edge technologies.
- Almost 40% of Black Swan vulnerabilities specifically affect VPNs and routers, according to the report.
Dive Insight:
Resurgent vulnerabilities pose a unique risk to organizations because they often reappear years after their initial disclosure and allow threat groups to take advantage of CVEs that were overlooked by most customers. In many cases, vendors consider the affected products out of service, so they no longer receive security upgrades.
“Threat actors exploit these ‘forgotten’ vulnerabilities because they are well-documented, easy to weaponize and often lack monitoring by defenders,” Bob Rudis, VP data science at GreyNoise, told Cybersecurity Dive.
There are multiple reasons why threat groups target older CVEs, according to Rudis:
- Many organizations fail to patch older vulnerabilities due to a lack of awareness, operational complexity or the use of legacy infrastructure, he said. Ghost ransomware in 2025 was found to exploit a path traversal flaw in Fortinet tracked as CVE-2018-13379.
- Many organizations still use end-of-life software or hardware. One example is a vulnerability in Dasan GPON home routers, tracked as CVE-2018-10561, that allowed attackers to bypass authentication.
- Finally, older exploits are cheaper to buy on dark web markets. For example, Kinsing malware operators use older PHPUnit vulnerabilities, tracked as CVE-2017-9841, to conduct cryptojacking and target misconfigured servers that were never updated.
The exploitation of older vulnerabilities is not a brand-new phenomenon, however. Threat groups have actively targeted older CVEs for many years.
About 40% of vulnerabilities exploited in 2024 were originally from 2020 or prior years