Zero-day exploits increased 46% in H1 2025.

Zero-day exploitation increased 46% in H1 2025.

Publicly-available exploits rose by 179% since the start of 2025.

Exploits were observed being weaponised in minutes.

The most common cybersecurity threats reported include malware (44%) and AI-powered exploits (28%).

Exploits spiked 433% in Microsoft Office applications. Web browsers and Office applications have emerged as prime targets. Chrome specifically led all products in known attacks.

Exploits spiked 657% in browsers.

Exploits continue to be the most common initial infection vector (33%).

18.9% of API-related exploits involved legacy APIs, including AJAX backends and URL parameter-based systems.

Kernel exploits accounted for 5.4% of the CISA KEV exploits.

Over 50% of exploits in CISA’s Known Exploited Vulnerabilities (KEV) report were API-related in 2024, up from 20% in 2023.

Browser exploits accounted for 9.2% of the CISA KEV exploits.

Mobile exploits accounted for 5.9% of the CISA KEV exploits.

Supply chain exploits accounted for 1.1% of the CISA KEV exploits.