
SecAlerts Rewind 2023: Year In Review

Giulio Saggin
Monday 15 January 2024

In 2023, 28,981 CVEs were published. This marked a 15% year-over-year increase from 2022 and averaged approximately 80 vulnerabilities daily.

Our most visited CVE page for the year was cve.id/CVE-2023-5072, a Denial of Service vulnerability in JSON-Java. This flaw, discovered by ClusterFuzz, stems from a parser bug that allows a small input string to trigger extensive memory usage. The severity remains high due to its potential impact on unpatched binaries. The issue has been fixed via this PR.

Top Vulnerability Types in 2023:

In 2023, the cybersecurity landscape witnessed a range of reported vulnerabilities, with the top five types identified by the number of CVEs. Cross-Site Scripting (XSS) led with 5,177 reported CVEs, followed by Memory Corruption with 2,794 instances. Execute Code vulnerabilities accounted for 2,578 CVEs, while Denial of Service (DoS) and SQL Injection vulnerabilities tallied 2,557 and 2,158 CVEs, respectively.

Most popular vulnerability types in 2023

Vendors with Most CVEs:

Google led with 1,749 CVEs, followed by Microsoft with 1,019 reported vulnerabilities. Adobe accounted for 669 CVEs, while Fedora and Apple recorded 502 and 477 CVEs, respectively.

Vendors with the most CVEs 2023

Microsoft Software CVE Counts:

Microsoft Windows Server versions were all in the top spots for Microsoft software with the most CVEs published.

Microsoft software with the most CVEs

Apple Software CVE Counts:

macOS (all versions) took the top spot in Apple's top 5, with tvOS coming in 5th.

Apple software with the most CVEs 2023

Notable Data Breaches in 2023:

  1. Darkbeam Breach:

    Exposed 3.8 billion records.

  2. Indian Council of Medical Research Breach:

    Compromised 815 million records.

  3. Twitter Breach:

    Affected 220 million records.

  4. MOVEit Breach:

    Involved hundreds of millions of records.

As the number and impact of vulnerabilities and breaches continue to escalate, the importance of proactive defense mechanisms, collaboration across industries, and persistent vigilance against evolving threats cannot be overstated. As the world moves into 2024, these insights serve as crucial lessons in fortifying digital defenses to safeguard against ever-evolving cyber risks.
