Patch, track, repeat: The 2025 CVE retrospective

Talos' weekly Threat Source summarizes 2025 vulnerability trends (48,196 CVEs, rising KEVs and AI-related CVEs), reports active incidents including a 15.8M-patient data breach in France and an actively exploited Qualcomm zero-day affecting many chipsets, highlights APT activity (Sloppy Lemming) and multiple malware campaigns (e.g., Dohdoor, UAT-9244) with sample hashes, and provides defensive guidance such as patching, MFA, and enhanced monitoring.