FORT MEADE, Md. – Malicious cyber actors are increasingly exploiting zero-day vulnerabilities to compromise enterprise networks, according to an annual Cybersecurity Advisory (CSA) about the top routinely exploited vulnerabilities coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and domestic and foreign partners.
The CSA, “2023 Top Routinely Exploited Vulnerabilities,” details the top 15 Common Vulnerabilities and Exposures (CVEs) collected by the authoring agencies in 2023. Eleven of the 15 CVEs were initially exploited as a zero-day – a vulnerability in a computer system unknown to its owner, developer, and the general public. In contrast, only two of the top exploited vulnerabilities were zero-day in the 2022 report.