The research, which was shared exclusively with Hackread.com, identifies the specific flaws that have become favourites for hackers. Topping the list is React2Shell<\/a> (CVE-2025-55182<\/a>), which allows attackers to bypass security on popular web platforms. Some groups attempted to use this flaw within hours of its discovery.<\/p>\n Business software is also under heavy fire. Flaws in Microsoft SharePoint (CVE-2025-53770<\/a>) and SAP NetWeaver (CVE-2025-31324<\/a>) were among the most abused. For the SAP flaw, the timeline is surprising because hackers were spotted poking at it in January 2025, three months before it was officially reported.<\/p>\n Many of these attacks are zero-days, which means the victims are hit before a fix is even available. In fact, 56.4% of ransomware-linked flaws were first identified through these surprise attacks.<\/p>\n Jacob Baines, Chief Technology Officer at VulnCheck, noted<\/a> that while the number of targeted flaws is small, “those vulnerabilities are being weaponised faster and at greater scale.”<\/p>\n The report<\/a> also sheds light on who exactly is pulling the strings. China-linked threat actors saw a massive 52% increase in activity last year, even as overall activity from named state groups fell by 13%. Meanwhile, activity from Iranian groups declined. It isn’t just government groups making moves. Notorious ransomware families like Cl0p<\/a>, DragonForce, Earth Lamia, and RomCom<\/a> remain highly active. These groups now specifically target initial access points to steal data more effectively.<\/p>\nGlobal Rivals and Ransomware Gangs<\/strong><\/h3>\n
![\"Report](\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/02\/The-Deadly-1_-How-Hackers-Pick-the-Years-Most-Lethal-Security-Flaws-1024x768.png\")
<\/a><\/figure>\n<\/p><\/div>\n