Provides key insights into how resurgent flaws pose a critical threat to organizational security
Washington, DC – April 23, 2025 – GreyNoise Intelligence, the cybersecurity company providing the most actionable intelligence on perimeter threats, today released a research report revealing an emerging class of cybersecurity vulnerabilities based on their resurgent exploitation patterns. The research report, entitled “A Blindspot in Cyber Defense: How Resurgent Vulnerabilities Jeopardize Organizational Security,” provides key insights into how older resurgent flaws are being opportunistically exploited on a global level by threat actors, posing a critical threat to organizational security. It also provides recommendations on what defenders and policymakers can do to protect their respective organizations and nations.
Resurgent vulnerabilities pose an unorthodox threat to cyber defense, complicating how defenders patch vulnerabilities and detect emerging threats. Older flaws can be exploited after extended periods of inactivity, following unique behavioral patterns across three distinct categories. GreyNoise Intelligence’s research shows that resurgent vulnerabilities disproportionately impact edge technologies — systems that attackers use for initial access and persistence in networks — creating an urgent need for proactive mitigation strategies.
“Resurgence is a serious risk — some of the bugs we studied go dark for years before suddenly being exploited,” said Bob Rudis, VP of Data Science at GreyNoise Intelligence. "These vulnerabilities rarely make news headlines. Instead, they are older flaws that were likely deprioritized years ago but quietly became relevant again as attacker interest returned.”
To better understand the nature of resurgent vulnerabilities, GreyNoise Intelligence analyzed a dataset of known exploited vulnerabilities in internet-exposed systems published between 2010 and 2020. These vulnerabilities were then categorized based on their resurgence patterns. Key findings from the research include:
- Resurgent vulnerabilities fall into three distinct behavioral categories: Utility, Periodic, and Black Swan. Each category has unique exploitation patterns, with Black Swan being the most unpredictable.
- Over half of the top exploited resurgent CVEs and nearly 70% of Black Swan vulnerabilities affect edge technologies, such as routers and VPNs — the very technologies attackers use for initial access and persistence.
- Some CVEs are first exploited years after disclosure, creating long-standing blind spots in many patching programs.
- Resurgent exploitation often arrives without warning, underscoring the need for adaptive patch management and dynamic blocking strategies that account for dormant but dangerous vulnerabilities.
- Government and private threat intelligence providers have reported state-sponsored exploitation of old vulnerabilities. GreyNoise Intelligence continues to observe widespread opportunistic activity against many of the same flaws.
With a global network of sensors emulating thousands of perimeter assets, GreyNoise Intelligence specializes in observing, analyzing, and classifying internet activity in near real-time. The GreyNoise Global Observation Grid tracks attacker behaviors by monitoring interactions between threat actors and its deception sensors. Unlike threat intelligence providers that collect data from traditional sources, GreyNoise Intelligence's threat intelligence is entirely generated from the interaction between attackers and these sensors. This ensures the intelligence is always near real-time and verifiable.
To request a copy of the GreyNoise Intelligence report “A Blindspot in Cyber Defense: How Resurgent Vulnerabilities Jeopardize Organizational Security,” please visit: https://www.greynoise.io/resources/how-resurgent-vulnerabilities-jeopardize-organizational-security.
About GreyNoise Intelligence
GreyNoise empowers the security teams of enterprises and global governments to act with speed and confidence by providing real-time, verifiable perimeter-based threat intelligence. This allows security teams to reduce noise in security operations, perform in-depth threat hunting campaigns, and focus on the most critical threats to their network. Our patented sensor technology enables us to collect and analyze unique threat data at-scale that no one else can. We provide the most actionable threat intelligence against mass internet scanning and exploitation, so that no attack works twice. For more information, please visit https://www.greynoise.io/, and follow us on Twitter, Mastodon and LinkedIn.
