Exploits were observed being weaponised in minutes.

Exploits spiked 657% in browsers.

Exploits spiked 433% in Microsoft Office applications. Web browsers and Office applications have emerged as prime targets. Chrome specifically led all products in known attacks.

Exploits continue to be the most common initial infection vector (33%).

Mobile exploits accounted for 5.9% of the CISA KEV exploits.

Kernel exploits accounted for 5.4% of the CISA KEV exploits.

18.9% of API-related exploits involved legacy APIs, including AJAX backends and URL parameter-based systems.

Over 50% of exploits in CISA’s Known Exploited Vulnerabilities (KEV) report were API-related in 2024, up from 20% in 2023.

Browser exploits accounted for 9.2% of the CISA KEV exploits.

Supply chain exploits accounted for 1.1% of the CISA KEV exploits.