Exploited vulnerabilities rose 43% in the first three months of the year, fueled by AI-enabled supply chain attacks and a surge in actively exploited zero-day vulnerabilities, according to the latest quarterly threat report by Beazley Security.

More than 15,200 new vulnerabilities were disclosed in Q1, including almost 3,900 classified as high risk. The number of vulnerabilities added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog increased 43% compared with Q4 2025. Alongside this, Beazley Security Labs recorded a 15% increase in critical zero-day advisories issued to clients, driven in part by vulnerabilities impacting edge infrastructure such as VPNs and firewalls.

Ransomware incident volumes remained largely stable compared with previous quarters, with activity rebounding in March following a seasonal lull. Compromised credentials continued to dominate as the primary initial access vector, accounting for 74% of ransomware intrusions observed by Beazley Security investigators.

Incident responders also noted an increase in extortion-only attacks, where threat actors exfiltrate data without deploying encryption as a lower-effort tactic that still enables negotiation leverage.

Alton Kizziah, CEO of Beazley Security, said: “The first quarter began quietly and ended with some of the most consequential cyber events we’ve seen in years. What stood out wasn’t just the volume of activity, but the efficiency. Beazley Security Labs researchers have noted how AI-assisted tooling is enabling attackers to scale familiar techniques faster, with broader downstream impact.”

---