Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software.

Specifically, of the 138 vulnerabilities disclosed as actively exploited in 2023, Mandiant says 97 (70.3%) were leveraged as zero-days.

This means that threat actors exploited the flaws in attacks before the impacted vendors knew of the bugs existence or had been able to patch them.

  • HobbitFoot @thelemmy.club
    link
    fedilink
    English
    arrow-up
    6
    ·
    28 days ago

    That would assume that security was a priority beforehand.

    Google has been known to prioritize new projects over maintaining existing ones. That would generally lead to less defined security architecture as the system is less tested.