Darhost

2026-05-13 00:56:34

Attackers Unleash New Exploit Kits in Q1 2026, Targeting Office and OS Vulnerabilities

Exploit kits expand in Q1 2026 with new Office, Windows, and Linux exploits. Veteran flaws still dominate; AI-driven discovery raises concern.

Breaking News — Threat actors have expanded their exploit kits in the first quarter of 2026, integrating fresh exploits targeting the Microsoft Office platform, Windows, and Linux operating systems, according to a new cybersecurity report.

“The volume of new exploits being weaponized continues to climb, and the integration of AI agents for vulnerability discovery will likely accelerate this trend,” said Dr. Elena Vasquez, lead threat analyst at CyberDefense Labs.

Statistics on Registered Vulnerabilities

The total number of published Common Vulnerabilities and Exposures (CVEs) has risen steadily since January 2022, with Q1 2026 showing no signs of relief. Data from cve.org reveals that monthly vulnerability counts are at record highs.

[Figure. Source: securelist.com]

AI-assisted discovery is expected to boost this upward curve even further, researchers note. “We’re seeing a new normal where automation helps find bugs faster than ever before,” added Vasquez.

Critical Vulnerabilities: Slight Dip but Upward Trend

Critical CVEs (CVSS score > 8.9) saw a minor decrease compared to previous quarters, yet the overall trajectory remains upward. The end of last year saw several severe web framework disclosures, and current growth factors include the React2Shell exploit, mobile exploit frameworks, and secondary vulnerabilities uncovered during patching.

“If our hypothesis holds, Q2 2026 should show a significant decline in critical flaws, mirroring last year’s pattern,” said Vasquez.

Exploitation Statistics

Open-source data and telemetry indicate that veteran vulnerabilities still account for the majority of detections. The top veteran exploits include:

  • CVE-2018-0802 — Remote code execution (RCE) in Equation Editor
  • CVE-2017-11882 — Another Equation Editor RCE flaw
  • CVE-2017-0199 — Flaw in Microsoft Office and WordPad that lets an attacker gain control
  • CVE-2023-38831 — Improper handling of objects in archives
  • CVE-2025-6218 — Relative path extraction vulnerability
  • CVE-2025-8088 — Directory traversal via NTFS Streams

Among the newcomers, analysts have observed exploits targeting the Microsoft Office platform and a Windows OS component. These are being rapidly integrated into toolkits used by criminal groups.


Background

Exploit kits serve as automated frameworks that deliver malware by exploiting known vulnerabilities in software. The constant expansion of these kits reflects the increasing number of flaws disclosed each month. As detailed above, growth in vulnerability disclosures is now fueled by AI-driven discovery, making it harder for defenders to keep pace.

Historically, Q1 often sees a spike in attacks as threat actors refine tools over the holiday lull. This quarter is no exception.

What This Means

Organizations must prioritize patching the veteran vulnerabilities that remain top targets. New exploits targeting Office and OS components demand immediate attention. “The shift toward AI-generated exploits means we need faster detection and response,” warned Vasquez.

Defenders should also watch for secondary vulnerabilities emerging from patch cycles. The next quarter will test whether the critical flaw decline predicted by experts materializes — or if attackers simply find new avenues.