Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
Verizon’s 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, as AI accelerates attacks, patching delays worsen, and ransomware and third-party compromises continue to surge. The post Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector appeared first on SecurityWeek.
Vulnerability exploitation was the most common access vector for data breaches in 2025, the latest installment of Verizon’s annual Data Breach Investigations Report (DBIR) shows.
The number of analyzed security incidents has increased to 31,000. Of these, more than 22,000 were confirmed breaches, nearly double compared to last year’s 12,195 confirmed breaches.
Approximately 31% of the breaches were the result of unpatched vulnerabilities being exploited. Credential abuse, which was the top entry point in last year’s DBIR, accounted for 13% of the breaches.
Related breach coverage
- Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure2026-05-22
Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. The post Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure appeared first on SecurityWeek.
- Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking2026-05-21
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek.
- Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI2026-05-21
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. The post Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI appeared first on SecurityWeek.
- Critical Vulnerability Exposes Industrial Robot Fleets to Hacking2026-05-19
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Exposes Industrial Robot Fleets to Hacking appeared first on SecurityWeek.