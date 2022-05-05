One of the most notable and recent CVEs in 2021, was CVE-2021-44228, also known as Log4J or Log4Shell. Despite only having been publicly disclosed in December, in less than a month the Log4j vulnerability was the second most exploited vulnerability among the top 10 CVEs of 2021.

As previously stated, four out of the top five most exploited vulnerabilities in 2021 were newly identified. When compared to 2020, that number was just two out of the 10. This trend indicates a clear increase in the volume of exploited vulnerabilities that were previously unknown, signifying that the overall attack surface is expanding rapidly.

According to internal data from X-Force, there were 20,790 new vulnerabilities identified in 2021, surpassing the previous record of 19,242 in 2020. Note that these figures represent overall vulnerabilities and are not limited by issued CVEs by MITRE. This sharp increase in vulnerabilities year over year translates to additional attack vectors that threat actors are utilizing to their advantage.