Summary
February 2025 saw a significant surge in vulnerabilities newly added to the CISA Known Exploited Vulnerabilities (KEV) catalog, highlighting increased adversary focus on both newly discovered and legacy flaws across critical software, devices, and open-source platforms. Notably, over 27 vulnerabilities were added to KEV across vendors such as Microsoft, Palo Alto Networks, Apple, Zyxel, and PostgreSQL, with several vulnerabilities exploited as zero-days and some actively abused by malware in ongoing campaigns. The targeted vulnerabilities range from authentication bypass and remote code execution to privilege escalation and command injection, impacting network devices, enterprise applications, and consumer platforms alike. This rapid expansion of the KEV list underscores the urgent need for organizations to prioritize timely patching, enhance detection capabilities, and monitor emerging threats to mitigate evolving exploitation tactics and protect critical assets.
In addition, 15 vulnerabilities were exploited as zero-days in February 2025, underscoring the growing risk from threat actors leveraging unpatched and previously unknown security flaws.
Ransomware groups Clop, RansomHub, and Akira made their presence felt in February 2025, compromising major sectors such as healthcare, finance, and manufacturing and underscoring the escalating risk to critical industries.
