Old bugs still exploited

React2Shell rose to the single most‑targeted vulnerability of 2025 just three weeks after disclosure, underscoring Talos’ finding on rapid operationalization of new CVEs. (blog.talosintelligence.com: ) A vulnerability disclosed 12 years ago still ranked seventh on Talos’ Top list, illustrating the longevity of exploitable legacy flaws in enterprise stacks. (blog.talosintelligence.com: ) Log4Shell CVEs remained inside the top 10 most‑targeted vulnerabilities, reflecting ongoing exploitation since their discovery in 2021 and widespread embedding in third‑party integrations. (helpnetsecurity.com: ) Talos reported that nearly 40% of the top‑targeted vulnerabilities affected end‑of‑life devices and called out buried components such as PHPUnit, ColdFusion, and Log4j as common hidden vectors. (helpnetsecurity.com: ) About 25% of the Top‑100 targeted vulnerabilities impacted widely used frameworks and libraries, while 23% directly affected network devices like VPN appliances and firewalls, amplifying single‑vulnerability blast radii. (helpnetsecurity.com: ) Remote code execution made up roughly 80% of the Top‑100 vulnerabilities Talos tracked, and approximately 66% of the top‑50 network‑infrastructure flaws were rooted in device firmware. (helpnetsecurity.com: ) Talos highlighted identity as a central target—attackers used compromised credentials and abuse of identity controls to extend access—and warned threat actors increasingly targeted centralized management platforms to maximize leverage. (blog.talosintelligence.com: helpnetsecurity.com: ) In ransomware leak‑site activity, Talos counted Qilin as the most prolific group in 2025 with 17% of posts, followed by Akira at 10% and Play at 6%, linking exploitation trends to data extortion operations. (helpnetsecurity.com: )