Key Trends in Vulnerability Exploitation and Ransomware: Insights from the 2025 Verizon DBIR

Top Takeaways from the 2025 DBIR Report

The 2025 Verizon Data Breach Investigations Report (DBIR) is here—analyzing 22,052 real-world security incidents and a record 12,195 confirmed data breaches from the past year alone. Flashpoint is proud to have contributed to this year’s report, with Ignite and VulnDB’s data helping inform the report’s deep analysis of vulnerability exploitation trends.

Here are data breach findings that will impact the 2025 cybersecurity landscape:

1. Vulnerability exploitation was the initial access vector in one in five breaches—a 34% year over year increase
2. Supply chain breaches doubled, jumping from 15% to 30%
3. Ransomware featured in 44% of breaches, with 88% targeting small to medium businesses
4. Espionage-motivated breaches rose 163%, overwhelmingly tied to unpatched systems

Top Data Breach Attack Vectors

Vulnerability Exploitation

Vulnerabilities as an initial access vector are on the rise, accounting for 20% of breach events. Within the same time period of the Verizon 2025 DBIR, Flashpoint for its part aggregated 37,691 vulnerabilities, with over 36% of them having publicly available exploit code.

Leveraging these exploits and zero-days, threat actors targeted vulnerable devices and virtual private networks to gain a foothold within victim systems. Despite global efforts to patch known weaknesses, the report showed that only 54% of vulnerable devices were fully remediated within the year, taking organizations a median of 32 days to patch.

However, in espionage-motivated breaches involving advanced persistent threats and state actors, vulnerability exploitation as an initial access vector jumped to 70%, further demonstrating the risk of deploying unpatched systems.

Supply Chain Risk

Affected third-parties were responsible for 30% of all breach events, further highlighting the importance of supply chain security. Key cybersecurity events such as the exploitation of MOVEit clearly show the dangers of a supply chain vulnerability; where one weakness can quickly circumvent security controls and impact affiliated organizations.

Aside from vulnerability exploits, organizations must also consider the use of compromised credentials, a vector exacerbated by the use of information-stealing malware. According to the report, the median time to remediate credential reuse in a third-party environment was 94 days.

Ransomware

“Regardless how we classify it, it’s definitely not a controversial statement to say that Ransomware is a scourge of our lives as stewards of our organization’s security.”

Verizon 2025 DBIR

Ransomware continues to be a prevalent and dangerous threat to organizations, being present in 44% of all breach events reviewed by the 2025 DBIR. However, an interesting trend discussed in the report shows that ransomware is disproportionally affecting small to medium businesses (SMBs).

Findings show that SMBs experienced 88% of ransomware-related breaches, breaking a common misconception that ransomware groups only target large corporations. According to the report, ransomware groups no longer discriminate based on the size of their victim. Instead, they simply adjust their ransom demands accordingly.

Download the Verizon 2025 DBIR Report

The Verizon 2025 Data Breach Investigations Report focuses on the analysis of anonymized cybersecurity incident data from almost a hundred data contributors. Download the report today for more analysis on how to proactively protect your organization from cybersecurity threats.

About Flashpoint

Flashpoint is the leader in threat data and intelligence and is a proud contributor to the Verizon 2025 Data Breach Investigations Report.

We empower mission-critical businesses and governments worldwide to decisively confront complex security challenges, reduce risk, and improve operational resilience amid fast-evolving threats. Through the Flashpoint Ignite platform, we deliver unparalleled depth, breadth and speed of data from highly relevant sources, enriched by human insights. Our solutions span cyber threat intelligence, vulnerability intelligence, geopolitical risk, physical security, fraud and brand protection. The result: our customers safeguard critical assets, avoid financial loss, and protect lives. Contact us to learn more.