“Notably, a number of the incidents Rapid7 teams observed in 2024 where vulnerability exploitation was initially thought to be in scope turned out to instead stem from adversaries’ use of compromised credentials, rather than CVE exploitation,” Caitlin Condon, director of vulnerability intelligence at Rapid7, told CSO.
Where vulnerabilities did lead to breaches, according to Rapid7’s managed detection and response (MDR) team, this resulted from older bugs rather than 0-days.
“A slim majority of vulnerabilities Rapid7 MDR and incident response teams saw exploited in real-world production environments last year were CVEs that were new in 2024 and had known exploits available,” Condon told CSO. “The rest of the confirmed CVE exploitation our teams observed against production systems were older vulnerabilities that had previously been used in highly publicized threat campaigns.”