In March 2025, Broadcom disclosed three exploited vulnerabilities that impacted their VMware products. Alarmingly, the company also shared evidence that all three vulnerabilities had been exploited prior to this public disclosure, leaving teams scrambling to find solutions and shore up their security.
The threat landscape is rapidly evolving, with surging vulnerability volumes that increasingly serve as initial access points for bad actors. According to the 2025 Verizon Data Breach Investigations Report, there was a 34% year-over-year increase in breaches that stemmed from vulnerability exploitation, which now accounts for 20% of all successful attacks, surpassing phishing (16%).
Today’s security organizations are inundated with data, alerts, potential threats, and both known and unknown vulnerabilities. NIST is already reporting a record number of Common Vulnerabilities and Exposures (CVEs) this year, with 36,107 new vulnerabilities added to the now more than 318,887 total CVEs in the National Vulnerability Database (NVD) as of November 2025. Ultimately, security teams carry the heavy responsibility of evaluating which of the thousands of vulnerabilities are severe enough to require immediate patching and resolution to keep their environments secure.
The Challenges of Vulnerability Prioritization
Vulnerability prioritization is a function of the cybersecurity team to identify, contextualize, and prioritize emerging vulnerabilities and exploits in real time. Teams can leverage insights into attacker behavior, exploit trends, and additional threat context to assess exposure and take preemptive action before threats are weaponized.
Within the day-to-day of vulnerability management, security teams face numerous complex challenges:
Information overload
Security teams are inundated with alerts and noise coming from a broad range of tools intended to help. One report estimates the average number of alerts that security teams field has risen to 2,000 per day—or one every 42 seconds. It becomes challenging, if not near impossible, to determine which alerts, threats, and vulnerabilities to prioritize. In fact, 67% of teams now say they receive more alerts than they can effectively investigate.
Balancing security and IT
Complicating matters, many organizations split the work of identifying and prioritizing vulnerabilities and the work of patching them between two separate functions, cybersecurity and IT respectively. Their strategic priorities overlap and often compete, pulling between cyber resilience and operational performance and uptime. The vulnerability management team flags potential risk areas that require a patch, and the IT team issues the patch. However, patching requires downtime, which impacts consumers. This creates friction as the teams try to balance consumer disruption with ensuring the product isn’t vulnerable to an attack.
Vulnerability disclosure gaps
Threat actors aren’t waiting for public disclosure before they exploit a vulnerability, as highlighted above in the case of Broadcom’s zero-day vulnerabilities. Only 15% of known exploited vulnerabilities (KEVs) were remediated 30 days after first patch availability. Meanwhile, it takes an average of 15 days to publish a new vulnerability in the National Vulnerability Database (NVD).
Volume of vulnerabilities
Even security teams that use vulnerability management tools for cyber threat exposure management can be overwhelmed by emerging threats. While these tools scan the environment, identify potential vulnerabilities, and help manage the process, the sheer number of vulnerabilities and critical patches that need to be deployed requires strategic prioritization.
Real-Time Threat Intelligence Meets Vulnerability Prioritization
Organizations need a more proactive approach to prioritizing and mitigating truly critical vulnerabilities that attackers are actively working to exploit. Dataminr’s AI-native intelligence platform provides real-time, actionable threat intelligence at unprecedented speed and scale, helping security teams discover exploitation and take decisive action to preempt and patch vulnerability exposures before it’s too late.
Using the full spectrum of multimodal fusion AI, generative AI, and agentic AI, along with 55+ LLMs and more than 1.1 million public data sources, Dataminr Pulse for Cyber Risk identifies potential threats and other early malicious activity surrounding specific vulnerabilities from the earliest signals, often hours or days before traditional sources. This offers security teams valuable visibility, planning time, and reduced exposure.
Organizations that continue to rely on dated, reactive security solutions will struggle in today’s security landscape. With increasingly sophisticated threats, real-time intelligence is key to mitigating and preventing attacks and getting ahead of potential threat actors before they strike.