This report provides insight into which vulnerabilities in 2019, across multiple CVE years, were most exploited on criminal underground sources. As in 2018, Recorded Future observed more exploits targeting Microsoft products than Adobe products in 2019. Eight out of 10 vulnerabilities exploited via phishing attacks, exploit kits, or remote access trojans (RATs) impact Microsoft products. Four of these vulnerabilities impact Internet Explorer. Despite experiencing a drop in browser usage, Internet Explorer is still running in many enterprise environments, making it a top target for threat actors. Only two Adobe Flash vulnerabilities made the top 10, likely due to a combination of better patching and Flash Player’s impending demise in 2020.

Download here to learn more.