Kaspersky Report Finds Rising Exploit Activity Targeting Linux and Windows Users in 2025
A new report from global cybersecurity company Kaspersky has revealed a surge in exploit activity targeting both Linux and Windows users during the first half of 2025, compared with the same period in 2024. The findings coincide with an overall increase in reported vulnerabilities, according to data from cve.org, as attackers increasingly rely on exploits to gain unauthorized access to systems.
Exploits — malicious programs designed to take advantage of bugs or vulnerabilities in applications or operating systems — remain a critical tool for cybercriminals. Kaspersky’s research shows that exploits targeting operating system vulnerabilities accounted for 64% of all cases in Q2 2025, up sharply from 48% in Q1. Exploits affecting third-party applications represented 29%, while browsers accounted for 7%.
The report highlighted notable growth in threats faced by Linux users. In Q2 2025, the number of Linux users encountering exploits was more than 50 points higher than in Q2 2024, while Q1 2025 figures were nearly double those of the same period in 2024. Windows users also experienced a steady increase, with encounters up 25 points in Q1 2025 year-on-year, and 8 points higher in Q2 2025 compared with Q2 2024.
“Attackers increasingly use methods to escalate privileges and exploit weaknesses in digital systems,” said Alexander Kolesnikov, security expert at Kaspersky. “As the number of vulnerabilities continues to grow, it is very important to prioritize patching known vulnerabilities and use software that can mitigate post-exploitation actions. CISOs should also focus on detecting and neutralizing command-and-control implants that attackers deploy on compromised systems.”
According to cve.org, the number of critical vulnerabilities and overall registered CVEs (Common Vulnerabilities and Exposures) has surged in 2025. While around 2,600 CVEs were reported monthly at the beginning of 2024, the figure has risen to more than 4,000 per month in 2025.
To mitigate risks in this evolving threat landscape, Kaspersky recommends organizations:
Investigate vulnerability exploits within secure virtual environments.
Maintain 24/7 infrastructure monitoring, especially on network perimeters.
Implement robust patch management processes, supported by tools like Kaspersky Vulnerability Assessment and Patch Management and the Kaspersky Vulnerability Data Feed.
Deploy advanced endpoint security solutions such as Kaspersky Next to detect and block malicious software, while reinforcing defenses with incident response tools, employee training programs, and regularly updated cyberthreat intelligence.
The findings are detailed in Kaspersky’s latest report, Exploits and Vulnerabilities in Q2 2025.
About Kaspersky
Founded in 1997, Kaspersky is a global cybersecurity and digital privacy company, protecting over a billion devices worldwide. Its portfolio spans consumer digital life protection, specialized security products for enterprises, and Cyber Immune solutions designed to defend against sophisticated threats. With nearly 200,000 corporate clients, Kaspersky continues to leverage its deep threat intelligence to safeguard individuals, businesses, critical infrastructure, and governments. Learn more at www.kaspersky.com. Pi