Beazley Security Reports 43% Rise in Exploited Vulnerabilities in Q1 2026

Beazley Security announced in a press release that exploited vulnerabilities increased by 43% in the first quarter of 2026, with over 15,200 new vulnerabilities disclosed. Nearly 3,900 were classified as high risk, and additions to the CISA Known Exploited Vulnerabilities catalog rose at the same rate compared with the previous quarter.

Beazley Security Labs recorded a 15% rise in critical zero-day advisories, largely tied to weaknesses in edge infrastructure such as VPNs and firewalls. The quarter saw a surge in AI-assisted attacks, including an autonomous AI agent that scanned public code repositories and exploited misconfigurations without human input. This led to the compromise of Trivy, an open source vulnerability scanner used across the software development sector.

Another major incident involved a hacktivist group linked to Iran that used Microsoft Intune to wipe over 200,000 systems belonging to medical device maker Stryker. The report also detailed an attack by TeamPCP, whose automated AI agent, hackerbot-claw, exploited GitHub CI/CD workflow misconfigurations to infect Trivy with credential-stealing malware, affecting downstream tools such as the open source AI gateway LiteLLM.

Ransomware activity remained steady, with compromised credentials accounting for 74% of initial intrusions. Beazley investigators also noted more extortion-only attacks, where data is stolen but not encrypted, allowing threat actors to demand payment with less effort.