32% Of Top-Exploited Vulnerabilities Are Over A Decade Old
Help Net Security, Tuesday, March 24th, 2026
Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure.
Findings from Cisco Talos' 2025 Year in Review show how attackers combined rapid weaponization with long-term exposure spanning infrastructure, identity systems, and user workflows.
Top-targeted vulnerabilities show speed and persistence
Newly disclosed vulnerabilities moved into active exploitation with little delay. React2Shell became the most targeted vulnerability of 2025 despite being released in December, illustrating how quickly attackers operationalize new flaws.