Weekly Enterprise Exploitation Trend Report

01-07-2026 to 07-07-2026
The report focuses solely on the exploitation statistics specific to enterprise vendors and their products over the past week, providing valuable insights to prioritize security measures and address emerging threats effectively.
276
276
Actively Exploited Vulnerabilities
118
118
Vendors Actively Exploited
Apache
Apache
Most Exploited Vendor
Microsoft Exchange
Microsoft Exchange
Most Exploited Product
Top 10 Actively Exploited Vendors
1
Apache
2
Ivanti
3
Atlassian
4
Cisco
5
VMware
6
Microsoft
7
Citrix
8
Palo Alto Networks
9
Oracle
10
Adobe
Top 10 CVEs of 2025 with the Highest EPSS Scores -07-07-2026
1
CVE-2024-3400
  • PaloAlto PAN-OS
  • Command Injection
  • EPSS: 0.99999
  • Percentile: 1
2
CVE-2024-23897
  • Jenkins
  • Arbitrary File Read
  • EPSS: 0.99999
  • Percentile: 0.99995
3
CVE-2024-21893
  • Ivanti Connect Secure
  • Privilege Escalation
  • EPSS: 0.99999
  • Percentile: 0.99999
4
CVE-2024-21887
  • Ivanti Connect Secure
  • Command Injection
  • EPSS: 0.99999
  • Percentile: 1
5
CVE-2023-4966
  • Netscaler ADC and Gateway
  • Sensitive Information Disclosure
  • EPSS:0.99999
  • Percentile: 0.99993
6
CVE-2023-44487
  • HTTP/2
  • Denial of Service
  • EPSS: 0.99999
  • Percentile: 0.99996
7
CVE-2023-35082
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS: 0.99999
  • Percentile: 0.99996
8
CVE-2023-35078
  • Ivanti EPMM
  • Authentication Bypass
  • EPSS: 0.99999
  • Percentile: 0.99995
9
CVE-2023-32315
  • Openfire
  • Path Traversal
  • EPSS: 0.99999
  • Percentile: 0.9999
10
CVE-2023-27350
  • OPaperCut NG
  • Authentication Bypass
  • EPSS: 0.99999
  • Percentile: 0.99991
Top Exploited CVEs Against Enterprise Applications
CVE-2022-41082
High
High
High
High
Microsoft
  • Remote Code Injection
  • Exchange
  • Used by Ransomware
    -
    United States
CVE-2023-20198
Critical
Critical
Critical
Critical
Cisco
  • Privilege Escalation
  • Cisco IOS XE
  • -
    United States
CVE-2021-42013
Critical
Critical
Critical
Critical
Apache
  • Path Traversal
  • Apache HTTP Server
  • Used by Ransomware
    -
    China
CVE-2017-9841
Critical
Critical
Critical
Critical
PHPUnit - Sebastian Bergmann
  • Command Injection
  • PHPUnit
  • -
    China
CVE-2026-41940
Critical
Critical
Critical
Critical
cPanel
  • Authentication Bypass
  • cPanel and WHM
  • Used by Ransomware
    -
    United States
CVE-2026-42271
High
High
High
High
LiteLLM
  • Command Injection
  • LiteLLM
  • -
    France
CVE-2025-5777
High
High
High
High
Citrix
  • Out-of-Bounds Read
  • Citrix NetScaler
  • Used by Ransomware
    -
    United States
CVE-2019-1653
High
High
High
High
Cisco
  • Sensitive Information Disclosure
  • Cisco RV320/RV325
  • -
    United States
CVE-2025-55182
Critical
Critical
Critical
Critical
Meta
  • Remote Code Injection
  • React Server Components
  • Used by Ransomware
    -
    United States
CVE-2021-44228
Critical
Critical
Critical
Critical
Apache
  • Remote Code Injection
  • Log4j
  • Used by Ransomware
    -
    United States
Top 10 Targeted Countries
Top 10 Targeted Countries
United States
:
46053
China
:
38054
Pakistan
:
13473
UK
:
6397
Germany
:
5009
India
:
4564
Singapore
:
4109
South Korea
:
3537
Turkey
:
3095
France
:
2914
Actively Exploited Enterprise Vendors
Apache | Ivanti | Atlassian | Cisco | D-Link | VMware | Microsoft | Citrix | Palo Alto Networks | Oracle | Adobe | Fortinet | Draytek | Progress | Netgear | F5 | Zoho | Spring | Geoserver | Wordpress | ZyXEL | JetBrains | QNAP | SysAid | SAP | Realtek | SolarWinds | Jenkins | Synacor | Tenda | Drupal | SonicWall | IBM | Gladinet | Hikvision | CrushFTP | Sonatype | Dassualt Systems | Aviatrix | Juniper | PaperCut | Zimbra | SmarterTools | Dasan | PHPUnit - Sebastian Bergmann | cPanel | LiteLLM | Meta | Zyxel/Billion | Check Point | ConnectWise | Pulse Secure | ownCloud | MobileIron | vBulletin | Micro Focus | Sunhillo | Terramaster | Lime Technology | Open Source Matters, Inc/Joomla community | Laravel | MinIO | TP-Link | Langflow | SaltStack | NextGen Healthcare | Mitel | ForgeRock | CONTEC | Elastic | PrimeFaces | WSO2 | LG | Dahua | Webmin | nostromo | Linear | XWiki | dotCMS | Schneider Electric | Barco/AWIND | Sitecore | ASUS | GLPI (teclib) | Paessler | Fortra | Hitachi Vantara | NAKIVO | PHP Foundation | CyberPanel | Sophos | Roundcube | Metabase | mongo-express | Versa | Yealink | Grafana | Commvault | Rejetto | Node.js | wftpserver.com | FreePBX | Qlik | RedHat | Cacti | Ubiquiti | Telerik | SugarCRM | Cleo | Kentico | Grandstream | Omnissa | Ruckus | GeoVision | Edimax | Wazuh | HPE
Most Active Ransomware Groups
#
Industry
Country
Ransomware
1
1
Telecommunications
Industry
United Kingdom
Country
qilin
2
2
Manufacturing (Test & Measurement)
Industry
United States
Country
shinyhunters
3
3
Aviation
Industry
Germany
Country
safepay
4
4
E-Commerce / Publishing
Industry
United States
Country
the gentlemen
5
5
Government
Industry
United States
Country
ransomhouse
6
6
Security Services
Industry
South Africa
Country
cmd organization
7
7
Construction
Industry
United States
Country
titan
8
8
Agriculture
Industry
United States
Country
genesis
9
9
Research
Industry
India
Country
morpheus
10
10
Technology
Industry
Canada
Country
chaos
Ransomware Posting Frequency by Group - Last 7 Days
Remotely Exploited CISA KEV CVEs Added
These vulnerabilities have been newly added to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations should prioritize addressing them  to mitigate risks.
CVE-2026-45659
CVE-2026-48558
CVE-2026-12569
CVE-2026-20230
CVE-2025-67038
CVE-2026-34910
CVE-2026-34909
CVE-2026-34908
CVE-2026-20253
CVE-2026-48907