Blog

Key Trends in Vulnerability Exploitation and Ransomware: Insights from the 2025 Verizon DBIR

Flashpoint, an official contributor to the 2025 Verizon Data Breach Investigations Report (DBIR), breaks down the key findings that Verizon finds are shaping the threat landscape.

Default Author Image
Flashpoint
April 23, 2025
Table Of Contents
Table of Contents
Top Takeaways from the 2025 DBIR Report
Top Data Breach Attack Vectors
Download the Verizon 2025 DBIR Report
About Flashpoint
Frequently Asked Questions (FAQs)
More
subscribe to our newsletter

Top Takeaways from the 2025 DBIR Report

The 2025 Verizon Data Breach Investigations Report (DBIR) is here—analyzing 22,052 real-world security incidents and a record 12,195 confirmed data breaches from the past year alone. Flashpoint is proud to have contributed to this year’s report, with Ignite and VulnDB’s data helping inform the report’s deep analysis of vulnerability exploitation trends.

Here are data breach findings that will impact the 2025 cybersecurity landscape:

  1. Vulnerability exploitation was the initial access vector in one in five breaches—a 34% year over year increase
  2. Supply chain breaches doubled, jumping from 15% to 30%
  3. Ransomware featured in 44% of breaches, with 88% targeting small to medium businesses
  4. Espionage-motivated breaches rose 163%, overwhelmingly tied to unpatched systems

Top Data Breach Attack Vectors

Vulnerability Exploitation

Vulnerabilities as an initial access vector are on the rise, accounting for 20% of breach events. Within the same time period of the Verizon 2025 DBIR, Flashpoint for its part aggregated 37,691 vulnerabilities, with over 36% of them having publicly available exploit code.

Leveraging these exploits and zero-days, threat actors targeted vulnerable devices and virtual private networks to gain a foothold within victim systems. Despite global efforts to patch known weaknesses, the report showed that only 54% of vulnerable devices were fully remediated within the year, taking organizations a median of 32 days to patch.

However, in espionage-motivated breaches involving advanced persistent threats and state actors, vulnerability exploitation as an initial access vector jumped to 70%, further demonstrating the risk of deploying unpatched systems.

Supply Chain Risk

Affected third-parties were responsible for 30% of all breach events, further highlighting the importance of supply chain security. Key cybersecurity events such as the exploitation of MOVEit clearly show the dangers of a supply chain vulnerability; where one weakness can quickly circumvent security controls and impact affiliated organizations.

Aside from vulnerability exploits, organizations must also consider the use of compromised credentials, a vector exacerbated by the use of information-stealing malware. According to the report, the median time to remediate credential reuse in a third-party environment was 94 days.

Ransomware

Regardless how we classify it, it’s definitely not a controversial statement to say that Ransomware is a scourge of our lives as stewards of our organization’s security.”

Verizon 2025 DBIR

Ransomware continues to be a prevalent and dangerous threat to organizations, being present in 44% of all breach events reviewed by the 2025 DBIR. However, an interesting trend discussed in the report shows that ransomware is disproportionally affecting small to medium businesses (SMBs).

Findings show that SMBs experienced 88% of ransomware-related breaches, breaking a common misconception that ransomware groups only target large corporations. According to the report, ransomware groups no longer discriminate based on the size of their victim. Instead, they simply adjust their ransom demands accordingly.

Download the Verizon 2025 DBIR Report

The Verizon 2025 Data Breach Investigations Report focuses on the analysis of anonymized cybersecurity incident data from almost a hundred data contributors. Download the report today for more analysis on how to proactively protect your organization from cybersecurity threats.

About Flashpoint

Flashpoint is the leader in threat data and intelligence and is a proud contributor to the Verizon 2025 Data Breach Investigations Report.

We empower mission-critical businesses and governments worldwide to decisively confront complex security challenges, reduce risk, and improve operational resilience amid fast-evolving threats. Through the Flashpoint Ignite platform, we deliver unparalleled depth, breadth and speed of data from highly relevant sources, enriched by human insights. Our solutions span cyber threat intelligence, vulnerability intelligence, geopolitical risk, physical security, fraud and brand protection. The result: our customers safeguard critical assets, avoid financial loss, and protect lives. Contact us to learn more.

Frequently Asked Questions (FAQs)

What role did Flashpoint play in the 2025 Verizon DBIR?

Flashpoint was an official contributor to the 2025 Verizon DBIR, providing critical data from the Flashpoint Ignite platform and VulnDB to help analyze global threat trends. Flashpoint’s specialized intelligence on vulnerability exploitation and threat actor behavior provided the “ground-truth” data needed for the report’s deep dive into how modern breaches occur.

Flashpoint ContributionImpact on the 2025 DBIR
Vulnerability DataHelped track the 34% YoY increase in vulnerability exploitation breaches.
Exploit IntelligenceIdentified the 36% of vulnerabilities that have publicly available exploit code.
Credential MonitoringInformed the analysis of how infostealer malware fuels supply chain risk.

How does Flashpoint VulnDB help prevent the exploitation trends seen in the DBIR?

Flashpoint VulnDB helps prevent exploitation by providing organizations with comprehensive visibility into vulnerabilities that are often missed by public sources. While the DBIR shows that many devices go unpatched for over a month, Flashpoint VulnDB delivers actionable intelligence an average of two weeks faster than the NVD. This allows security teams to identify and remediate flaws before they are used as an initial access vector.

  • Non-CVE Coverage: Monitors over 100,000 vulnerabilities that public databases do not track.
  • FP KEV Tags: Specifically identifies which vulnerabilities are actively being exploited in the wild.
  • Remediation Context: Provides technical notes to help teams patch systems faster and more accurately.

Why is Flashpoint’s supply chain intelligence vital for 2025?

Flashpoint’s supply chain intelligence is vital because third-party breaches have doubled to 30% of all security events. Flashpoint Ignite allows organizations to monitor for compromised credentials and vulnerabilities within their vendor ecosystem. By tracking illicit forums and dark web marketplaces, Flashpoint helps teams identify when a partner has been breached long before a median 94-day remediation window expires.

Supply Chain FactorFlashpoint Strategic Advantage
Vendor BreachesAlerts organizations when their data is leaked from a third-party system.
Credential ReuseDetects stolen vendor logins that could lead to lateral movement.
Critical FlawsFlags high-impact vulnerabilities (like MOVEit) across the entire supply chain.

Request a demo today.

Request a Demo

Contact Sales