New research finds enterprise application exploitation surged 800% and macOS vulnerabilities jumped more than 1,000% as AI-assisted attacks compress remediation windows

HOUSTON, June 11, 2026 /PRNewswire/ — Action1, a leading provider of autonomous endpoint management (AEM) solutions, today released its third annual 2026 Software Vulnerability Ratings Report, revealing a dramatic acceleration in software vulnerability growth across enterprise environments in 2025 — one that is outpacing the capacity of legacy, schedule-driven patching workflows to contain it.

The report found that total disclosed vulnerabilities increased 92% year-over-year, but the breakdown reveals a more concerning trend. Critical vulnerabilities and privilege escalation vulnerabilities both roughly doubled, while RCE vulnerabilities surged 128%. In other words, the fastest growth occurred in the vulnerability classes most closely tied to real-world compromise, data breaches, and operational disruption.

These findings point to a broader shift in the threat landscape: attackers are exploiting vulnerabilities faster than organizations can remediate them, shrinking response windows from days or weeks to hours. Action1’s analysis reflects that reality. Enterprise application exploitation alone surged 800% in 2025, confirming that the risk is not theoretical but already hitting the platforms organizations depend on most.

“2025 marked a turning point in cybersecurity operations,” said Jack Bicer, Director of Vulnerability Research at Action1. “Attackers are now using AI and automation to accelerate vulnerability discovery and exploitation faster than more organizations can respond. Many enterprises are still patching on human schedules while attackers operate at machine speed.”

The report analyzed vulnerability and exploitation trends across enterprise software, network infrastructure, browsers, operating systems, office productivity tools, databases, mobile platforms, and security software using publicly available CVE and exploitation intelligence sources to surface actionable risk insights for IT and security teams.

Among the report’s most significant findings:

• Enterprise application exploitation surged 800%, making ERP, CRM, collaboration, and operational business platforms some of the fastest-growing attack targets. Platforms like SharePoint, SAP, PeopleSoft, and Adobe Experience Manager saw increased pressure, including from automated vulnerability discovery, zero-days, and chained exploits.
• macOS vulnerabilities increased more than 1,000%, including a 5,600% increase in privilege escalation vulnerabilities, signaling what the report describes as “a structural shift in the threat landscape” as Macs become more deeply embedded across enterprise environments, often without the mature patch management infrastructure commonly deployed for Windows systems.
• Network infrastructure vulnerabilities became the fastest-growing risk category overall, with critical vulnerabilities increasing 235%, RCE vulnerabilities rising 238%, and EoP surging 266%, driven by nation-state targeting, new attack surfaces from major releases, and AI-assisted discovery of long-existing weaknesses.
• Browsers remained one of the most common initial access vectors, with privilege escalation vulnerabilities surging by 183% — increasing the risk that successful code execution within a browser translates into full system compromise.
• Security products themselves increasingly became attack targets in 2025. Vulnerabilities in security software rose 39%, while privilege escalation vulnerabilities jumped 107%, highlighting the growing risk posed by flaws in highly trusted platforms such as identity systems, network security platforms and other enterprise security tools.
• Low-severity vulnerabilities emerged as a rapidly growing attack vector, with attackers increasingly chaining together lower-priority flaws as part of larger multi-stage attacks.

The report also found that organizations relying on manual patching processes, infrequent scan cycles, or delayed maintenance windows are increasingly falling behind operationally as the threat landscape accelerates.

The findings reinforce the growing need for automated, continuous vulnerability remediation workflows capable of reducing exposure windows across operating systems, enterprise applications, network infrastructure, and security tools.

“The threat landscape is no longer just bigger – it’s faster, more automated, and hard to detect,” said Alex Vovk, CEO and Co-Founder of Action1. “Patching speed is no longer simply an IT metric. It’s now a business resilience metric.”

The full Action1 2026 Software Vulnerability Ratings Report is available at: https://www.action1.com/software-vulnerability-ratings-report-2026/

About Action1

Action1 is an autonomous endpoint management platform trusted by many Fortune 500 companies. Cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching with peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates routine labor, preempts ransomware and security risks, and protects the digital employee experience.

In 2025, Action1 was recognized by Inc. 5000 as the fastest-growing private software company in America. The company is founder-led by Alex Vovk and Mike Walters, American entrepreneurs who previously founded Netwrix, a multi-billion-dollar cybersecurity company.

Follow the company on LinkedIn, Reddit and X.

View original content to download multimedia:https://www.prnewswire.com/news-releases/action1-report-warns-vulnerability-growth-and-structural-shifts-are-outrunning-legacy-enterprise-patching-302798050.html

SOURCE Action1 Corporation