Passwords Are No Longer the Biggest Risk. Unpatched Systems Are.
For 19 years, stolen credentials topped every breach report. In the Verizon 2026 DBIR — released this week — that changed.
Vulnerability exploitation is now the #1 breach entry point, accounting for 31% of all confirmed breaches. Credential abuse fell to 13%. This is not a minor shift. It is a structural change in how organizations get compromised, and most security programs have not caught up with it.
The numbers behind the headline make it worse:
Median time-to-patch: 43 days. That is up 34% from last year. Attackers are moving faster; defenders are moving slower. Only 26% of vulnerabilities in CISA's Known Exploited Vulnerabilities catalog were fully remediated in 2025 — down from 38% the year before. The volume of critical flaws organizations had to address was 50% higher in the median case. And 48% of all confirmed breaches involved a third party or supply chain — up 60% year-on-year.
The uncomfortable part: AI is shortening the window on the attacker side. AI-assisted vulnerability exploitation accounted for 32% of AI-aided initial access methods. The gap between disclosure and exploitation is closing while the gap between disclosure and remediation is growing.
Ransomware appeared in 48% of all breaches. The median ransom payment was $139,975 — but victim counts are rising, and the real cost is operational disruption, not the payment itself.
Three things worth checking this week:
- How many of your systems are 30+ days behind on patches for known-exploited CVEs?
- What percentage of your critical vendors have undergone a security assessment in the past 12 months?
- Does your patch prioritization model weight active exploitation (KEV) over theoretical CVSS scores?
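The first and third checks can be run against a vulnerability-scan export. The following is an added example, not code from the DBIR or from the channel; the hosts, placeholder CVE IDs, dates and the choice to measure age from the day a fix became available are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: hosts, placeholder CVE IDs and dates are invented.
# KEV_IDS stands in for the CVE IDs loaded from the CISA KEV catalog.
KEV_IDS = {"CVE-0000-0001", "CVE-0000-0003"}
FINDINGS = [  # (host, cve, cvss_base, date the fix became available)
    ("web-01", "CVE-0000-0001", 7.5, date(2026, 3, 1)),
    ("web-01", "CVE-0000-0002", 9.8, date(2026, 4, 20)),
    ("db-01", "CVE-0000-0003", 6.5, date(2026, 4, 25)),
    ("db-02", "CVE-0000-0002", 9.8, date(2026, 2, 10)),
    ("app-01", "CVE-0000-0001", 7.5, date(2026, 4, 28)),
]


def age_days(finding, today):
    """Days the finding has stayed open since a fix was available."""
    return (today - finding[3]).days


def kev_first(findings, kev_ids, today):
    """Order open findings: KEV-listed first, then oldest, then highest CVSS."""
    return sorted(
        findings,
        key=lambda f: (f[1] not in kev_ids, -age_days(f, today), -f[2]),
    )


def cvss_only(findings):
    """Baseline for comparison: order by CVSS base score alone."""
    return sorted(findings, key=lambda f: -f[2])


def overdue_kev_hosts(findings, kev_ids, today, sla_days=30):
    """Hosts with a KEV-listed finding left unpatched for sla_days or more."""
    return {
        f[0] for f in findings
        if f[1] in kev_ids and age_days(f, today) >= sla_days
    }


if __name__ == "__main__":
    today = date(2026, 5, 10)  # constructed "as of" date
    print("30+ days behind on KEV:", sorted(overdue_kev_hosts(FINDINGS, KEV_IDS, today)))
    for host, cve, cvss, _ in kev_first(FINDINGS, KEV_IDS, today):
        print(f"{host:7} {cve} cvss={cvss} kev={cve in KEV_IDS}")
```

On this sample the CVSS-only ordering puts a 9.8 finding that is not in KEV at the top, while the KEV-first ordering surfaces the 7.5 finding that is known-exploited and has been open the longest.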
The DBIR dataset covers 22,000+ incidents and 12,195 confirmed breaches across 139 countries. This is the most credible baseline in the industry. The 2026 edition is a call to shift patching from a maintenance task to a primary risk control.
Links for a deeper technical dive are in the comments.
Video "Passwords Are No Longer the Biggest Risk. Unpatched Systems Are." from the DIESEC channel
Video information
Yesterday, 16:00:18
00:00:11