Hive Pro says 256 vulnerabilities drove most real-world attacks in 2025

By AI, Created 7:15 PM UTC, May 25, 2026, /AGP/ – Hive Pro’s 2026 Global Vulnerability Intelligence Report says cyber defenders are chasing volume instead of real risk, with 48,000 disclosed vulnerabilities in 2025 but only 256 exploited in attacks. The report argues AI is compressing exploit timelines and exposing limits in CVSS-based patching and enterprise change processes.

Why it matters:
- Hive Pro says vulnerability management is failing to reflect how attackers actually choose targets.
- The gap matters because security teams may spend time patching low-value issues while missing the small set of flaws most likely to be weaponized.
- The report says AI is shrinking the time between disclosure and exploitation, raising the pressure on detection, containment and faster decision-making.

What happened:
- Hive Pro released its Global Vulnerability Intelligence Report 2026 on May 26, 2026.
- Hiveforce Labs built the annual report from its review of the full 2025 vulnerability lifecycle.
- The report says more than 48,000 vulnerabilities were disclosed in 2025, but only 256 were exploited in real-world attacks.
- The report says 99.5% of published vulnerabilities never saw real-world exploitation.
- The report says 95.5% of CVEs were not even exploitable.

The details:
- Firewalls, VPNs, endpoint detection and response tools and identity and access management platforms accounted for 15.2% of exploited flaws.
- Nearly half of the vulnerabilities exploited were zero-days, meaning attackers began using them before patches were available.
- Of 61 attributed CVEs, China-nexus groups accounted for 31 across 25 distinct clusters.
- The report says China-nexus actors were responsible for more attributed CVEs than Russia, Iran and North Korea combined.
- The report says threat actors are using AI to analyze patches and develop exploits in minutes.
- The report says the time between vulnerability disclosure and exploitation shrank from days to minutes in an AI-enabled defense environment.

Between the lines:
- The findings point to a structural problem with CVSS-based prioritization, which can reward theoretical severity more than real attacker interest.
- The report suggests patching alone is no longer a sufficient defense when exploitation starts before remediation can realistically finish.
- Sarfaraz Kazi, chief technology officer and head of Hiveforce Labs, said attackers do not filter by severity; they filter by utility.
- Rohit Parchuri, chief information and security officer at Yext, said 40% of exploited CVEs in 2025 were zero-days and that the more useful question is whether controls can detect and contain exploitation.
- Shannon Lietz, co-founder and CEO of ThirdScore, said enterprise patch cycles were built for stability, not speed, and now function as an organizational liability.

What’s next:
- Hive Pro says the report is intended to help security leaders prioritize the vulnerabilities most likely to be exploited.
- The company says defenders should strengthen resilience and adapt security operations to shrinking attack timelines.
- Security teams can explore the report further or contact a Hiveforce Labs threat intelligence expert at the company’s announcement.
- Hive Pro also shared its LinkedIn page at LinkedIn.

The bottom line:
- Hive Pro’s message is that defenders should stop treating every CVE as equal and start focusing on the small set of flaws that attackers can and do weaponize quickly.

Disclaimer: This article was produced by AGP Wire with the assistance of artificial intelligence based on original source content and has been refined to improve clarity, structure, and readability. This content is provided on an “as is” basis. While care has been taken in its preparation, it may contain inaccuracies or omissions, and readers should consult the original source and independently verify key information where appropriate. This content is for informational purposes only and does not constitute legal, financial, investment, or other professional advice.
