Threat and Vulnerabilities Report - May 2025

June 2, 2025

Summary

As cyber threats continue to evolve at breakneck speed, May emerged as a critical month marked by aggressive exploitation of zero-day vulnerabilities. A total of 25 new vulnerabilities were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, reflecting a growing trend where attackers rapidly weaponize flaws before patches become widely available. Alarmingly, 15 of these vulnerabilities were exploited as zero-days, highlighting the increasing sophistication and preparedness of threat actors.

Among the most impactful were five Microsoft vulnerabilities, all exploited prior to their disclosure and only addressed during May’s Patch Tuesday updates. Ivanti also found itself in the crosshairs, with two of its flaws leveraged in targeted zero-day attacks, likely part of state-linked espionage operations.

In the physical security space, GeoVision’s surveillance systems were compromised through two exploited vulnerabilities, emphasizing that threats are no longer confined to traditional IT assets. Other affected vendors in this month’s threat landscape included Samsung, Fortinet, Google, Apache, and SonicWall, demonstrating a broad attack surface that spans cloud, enterprise, and consumer technologies.

Ransomware operators such as Qilin, Play and Akira have significantly intensified their campaigns, with a sharp focus on critical sectors like healthcare, education, and IT manufacturing. These threat actors are far from random attackers; they utilize sophisticated, coordinated techniques, often chaining multiple vulnerabilities to gain access, establish persistence, and maximize impact.
