• Request consultation
  • Newsletter
  • Deutsch Deutsch German de
  • English English English en
  • Italiano Italiano Italian it
  • Nederlands Nederlands Dutch nl
Greenbone
  • Products
    • OPENVAS BASIC
      • OPENVAS BASIC: Order
    • OPENVAS SCAN
    • Upcoming Solutions
      • OPENVAS SECURITY INTELLIGENCE
      • OPENVAS AI
    • Solutions for Your Sector
      • Educational Sector
      • Healthcare Sector
      • Public Sector
    • Technology
      • Feed Comparison
      • Product Comparison
        • OPENVAS vs. Nessus
      • Roadmap & Lifecycle
  • Service & Support
    • Technical Support
    • Self-Learning Courses
    • Documents
  • Events
    • Cybersec Europe 2026
    • Webinars
  • Partners
    • MSSP
  • About Greenbone
    • Careers
    • Contact
  • Blog
    • Know-how
      • Attack Vector Timeline
      • Cyberattacks and Defense
      • Cyber Defense Security
      • Cyber Resilience Act
      • Data Security
      • Digital Operational Resilience Act
      • Exposure Management
      • IT and Information Security
      • NIS2 Directive
      • Open Source Vulnerability Management
      • The Vulnerability Timeline
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
  • Products
    • OPENVAS BASIC
      • OPENVAS BASIC: Order
    • OPENVAS SCAN
    • Upcoming Solutions
      • OPENVAS SECURITY INTELLIGENCE
      • OPENVAS AI
    • Solutions for your sector
      • Educational Sector
      • Healthcare Sector
      • Public Sector
    • Technology
      • Feed Comparison
      • Product Comparison
        • OPENVAS vs. Nessus
      • Roadmap and Lifecycle
    • Request IT Security
  • Service & Support
    • Technical Support
    • Self-Learning Courses
    • Documents
  • Events
    • Cybersec Europe 2026
    • Webinars
  • Partners
    • MSSP
  • About Greenbone
    • Careers
    • Contact
    • Newsletter
  • Our Blog
    • Know-how
      • Attack Vector Timeline
      • Cyberattacks and Defense
      • Cyber Defense Security
      • Cyber Resilience Act
      • Data Security
      • Digital Operational Resilience Act
      • Exposure Management
      • IT and Information Security
      • NIS2 Directive
      • Open Source Vulnerability Management
      • The Vulnerability Timeline
  • German
  • English
  • Italian
  • Dutch
Elmar Geese

Attackers are increasingly shifting from stolen credentials to exploited vulnerabilities

Blog

For nearly two decades, stolen credentials have been the focus of many analyses of security breaches. This picture is now changing. According to the Verizon 2026 Data Breach Investigations Report (DBIR), vulnerability exploitation has overtaken credential abuse as the top breach vector for the first time — accounting for 31% of breaches, compared to just 13% for credential theft. AI is accelerating attack development, compressing the window between vulnerability disclosure and exploitation from months to hours. ([Heise][1])

This shift is strategically significant. It means that companies can no longer rely solely on identity protection, phishing training, MFA, endpoint protection, or perimeter defense. While these controls remain essential, they do not address the central question that attackers are increasingly exploiting: Where is the company currently technically vulnerable?

Exploited > Stolen

AI is changing the pace of attacks

Generative AI and automation reduce the cost of reconnaissance, accelerate the development of exploits, and make it easier for attackers to scale their operations. The practical implication is clear: defenders must shorten the time between the disclosure, detection, prioritization, and remediation of vulnerabilities. In an environment where attackers can identify and exploit exposed vulnerabilities more quickly, vulnerability management is no longer just a periodic compliance measure. It is becoming an operational security discipline.

Vulnerability management closes the gap

Organizations must identify vulnerabilities before attackers exploit them. We view vulnerability management as the central process in which vulnerabilities in the IT infrastructure are uncovered, classified by severity, and remediation measures are recommended. This allows vulnerabilities to be eliminated before they become exploitable risks.

Vulnerability management examines the infrastructure from the attacker’s perspective and asks which systems, services, devices, and configurations are currently exposed. Greenbone explicitly positions this “outside-in” perspective as a complement to firewalls and other defense systems.

Why OpenVAS is the right vulnerability scanner right now

OPENVAS is our answer to this problem. We offer authenticated and unauthenticated testing, support for internet and industrial protocols, optimization of large-scale scans, and a powerful internal language for vulnerability testing. Our tests are sourced from a feed with daily updates, and have been since 2006.

Our enterprise vulnerability management solutions utilize more than 225,000 vulnerability tests, with new tests added daily. This is important because vulnerability management is only effective if it reflects the current threat landscape. A scanner that isn’t continuously updated will quickly be outpaced by attackers.

The economic case has become more compelling

AI is changing the economic case for vulnerability management. The need is not abstract. It is driven by measurable changes in attacker behavior. The 2026 DBIR found that the median time to full patching grew to 43 days (up from 32 days the year before) while organizations patched only 26% of vulnerabilities in CISA’s Known Exploited Vulnerabilities (KEV) catalog, down from 38% in 2024.

When exploited vulnerabilities become the primary entry point into organizations, identifying and reducing the attack surface is one of the most effective ways to lower the likelihood of security breaches.

Conclusion: Security teams need continuous visibility

The lesson from the latest attack data is simple: organizations must assume that their disclosed vulnerabilities will be discovered, correlated, and exploited faster than ever before. Protecting login credentials remains essential, but it is no longer sufficient. The new priority lies in continuous visibility into the attack surface, risk-based prioritization, and rapid remediation.

This is exactly where Greenbone and OPENVAS come into play. In a threat landscape where attackers are increasingly exploiting known and detectable vulnerabilities, vulnerability management becomes the first line of defense: identify the vulnerability, understand the risk, and act before the attacker does.

 

[1]: https://www.heise.de/news/KI-Aera-Laut-Verizon-mehr-Angriffe-ueber-Luecken-als-mit-gestohlenen-Zugangsdaten-11299991.html?utm_source=chatgpt.com “AI Era: According to Verizon, More Attacks via Vulnerabilities Than with Stolen Credentials”

[2]: https://www.securityweek.com/verizon-dbir-2026-vulnerability-exploitation-overtakes-credential-theft-as-top-breach-vector/?utm_source=chatgpt.com “Verizon DBIR 2026: Exploitation of vulnerabilities overtakes credential theft as the most common attack method”

[3]: https://www.verizon.com/business/resources/reports/dbir/ “2026 Data Breach Investigations Report (DBIR) | Verizon”

[4]: https://www.greenbone.net/en/ “Vulnerability Management | Open Source and GDPR-Compliant”

 

Contact Test Now Buy Here Back to Overview
Elmar Geese
Elmar Geese

Elmar Geese has many years of experience in IT and IT security. He has been a member of the Greenbone management team since 2018 and a member of the Greenbone AG Executive Board since 2023.

He is particularly interested in the topics of management, security and the management of security, so-called artificial and human intelligence, especially in the context of cybersecurity.

As a trained musician, he still enjoys playing various instruments and is a great fan of classical music.

LinkedIn

21. May 2026/by Elmar Geese
Share this entry
  • Share on LinkedIn
  • Share by Mail
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png 0 0 Elmar Geese https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png Elmar Geese2026-05-21 14:17:192026-05-21 14:17:19Attackers are increasingly shifting from stolen credentials to exploited vulnerabilities

Search

Search Search

Archive

  • 2026
  • 2025

Newsletter

Subscribe Now

OPENVAS BASIC

Our entry-level enterprise product

Test 14 Days Free of Charge

Products & Solutions

  • OPENVAS PRODUCTS
  • OPENVAS SECURITY INTELLIGENCE
  • OPENVAS SCAN
  • OPENVAS BASIC
  • OPENVAS FREE
  • OPENVAS AI
ISO9001-EN

Service & Support

  • Technical Support
  • FAQ
  • Documents
  • Warranty
  • Open Source Vulnerability Management
  • Cyber Resilience Act
ISO27001-EN

About us

  • About Greenbone
  • Partners
  • MSSP
  • License information
  • Privacy Statement
  • Terms & Conditions
ISO14001-EN

Contact with us

  • Contact
  • Newsletter
  • Media Contact
  • Careers
  • Security Response
  • Imprint
  • Grounding Page

Community

  • Community Portal
  • Community Forum
© Copyright - Greenbone AG 2020-2026
  • Link to LinkedIn
Link to: Greenbone’s OPENVAS SCAN Now Covers Ubuntu 26.04 LTS Security Notices! Link to: Greenbone’s OPENVAS SCAN Now Covers Ubuntu 26.04 LTS Security Notices! Greenbone’s OPENVAS SCAN Now Covers Ubuntu 26.04 LTS Security Notices... Link to: When the Referee Stops Blowing the Whistle Link to: When the Referee Stops Blowing the Whistle When the Referee Stops Blowing the Whistle
Scroll to top Scroll to top Scroll to top
Contact
Request IT Security Contact Us Subscribe to Newsletter Follow on LinkedIn