00:00:00Last year was a record breaking year for cybersecurity and not in a good way.
00:00:04More than 48,000 CVEs were published last year and it's officially the highest amount
00:00:10of vulnerabilities discovered in a single year.
00:00:13And it seems that things are not going to get any easier going forward.
00:00:17In this video, let's take a deeper look at the statistics to figure out why the number
00:00:22of vulnerabilities is surging and what we can do about it.
00:00:29So vulnerabilities were up last year by 18% and that means there were on average 130 new
00:00:35security flaws discovered every day of the year.
00:00:39What's even scarier is that in early 2025, roughly 28% of observed exploits were launched
00:00:46within one day of the vulnerability's disclosure.
00:00:49That means that by the time developers issued a patch, the attackers were already actively
00:00:54exploiting and targeting systems.
00:00:57And needless to say, AI coding has made it even easier on both fronts.
00:01:01With vibe coding on the rise, this opens new systems up to unseen vulnerabilities because
00:01:07of weaker security measures put in place by the AI coding agents.
00:01:11And on the attacker side, it's never been easier and faster to scan a system for critical issues
00:01:17and to quickly generate a script that could actively exploit these newfound vulnerabilities.
00:01:22But when looking at the types of exploits, surprisingly enough, cross-site scripting
00:01:27and SQL injection are still among the most popular attack vectors.
00:01:32So implementing a proper input sanitization on your apps or systems is one of the easiest
00:01:38things you can do to protect yourself.
00:01:40And if we're talking about specific web frameworks, WordPress still remains the highest source
00:01:45of newly discovered CVEs with around 7000 new vulnerabilities discovered on WordPress alone.
00:01:52So I would caution to stay away from WordPress.
00:01:55But if you do plan to use WordPress for your next projects, make sure you use as few
00:02:00plugins as possible because the vast majority, 90% of WordPress related bugs come from third
00:02:07party plugins and another 6% from themes and only 4% come from the core WordPress software itself.
00:02:15So the WordPress core is relatively secure, but plugins are usually poorly maintained and
00:02:21some issues might get neglected.
00:02:23But this brings up a good point.
00:02:25Which languages and which frameworks are relatively secure?
00:02:28Well, the data shows that on average, memory safe languages like Rust, Java, Go, C#, Python
00:02:36or Swift are considered more secure than memory unsafe languages like C, C++ or assembly because
00:02:43these languages allow direct pointer manipulation.
00:02:47And research shows that roughly 70% of all high severity security vulnerabilities in large
00:02:52code bases like those at Microsoft and Google are caused by memory safety issues.
00:02:59And a major shift in 2025 has been the aggressive push by organizations like CISA, the NSA and
00:03:06the White House for developers to move away from memory unsafe languages.
00:03:11It's also worth looking at code density when assessing vulnerability risk because Google's
00:03:162025 data indicates that Rust code has a vulnerability density of 0.2 per million lines of code compared
00:03:26to nearly 1000 per million lines of code in historical C or C++ code.
00:03:32And this makes total sense because C and C++ have been around since the 70s and they have
00:03:37a lot of historical code that still carries potential unpatched vulnerabilities.
00:03:42So if you were wondering whether to choose C or Rust for your next project, this fact
00:03:47alone might tip the scale much more in favor of Rust just from a security standpoint alone.
00:03:52And if we look at operating systems, then by far the most vulnerable operating system is
00:03:58the Linux kernel.
00:03:59And this isn't really surprising because as we know, the Linux kernel is ubiquitous.
00:04:04It's powering servers, Android, IoT devices, amongst other things.
00:04:09And it has been heavily scrutinized by researchers.
00:04:12So lots of bugs have been found and disclosed.
00:04:15Plus any open source project is bound to garner more attention from potential attackers.
00:04:20So as we head into 2026, the question is, what can we do to better prepare ourselves and protect
00:04:25our systems from upcoming threats?
00:04:28Well, the reality is that we are no longer just fighting human hackers.
00:04:32We're entering an era of machine to machine warfare.
00:04:36So here are three pillars of security you should focus on this year.
00:04:40One, prioritize memory safety.
00:04:43For all new development, prioritize memory safe languages like Rust, Go, Swift or others.
00:04:49And transitioning away from C and C++ is the most effective way to reduce your vulnerability density.
00:04:55Two, implement AI driven monitoring.
00:04:58Since attackers now use AI to launch exploits within 24 hours of disclosure, manual oversight
00:05:05is no longer sufficient.
00:05:06You should deploy automated detection systems that use behavioral analysis to identify anomalies
00:05:12in real time.
00:05:13And a great monitoring tool for these types of detections is Better Stack.
00:05:17Better Stack now has AI native error tracking built into it, and it even includes an AI SRE
00:05:24that can alert you any time of the day when something in your system goes wrong.
00:05:28And third, minimize the supply chain surface.
00:05:32This lesson applies to all modern development.
00:05:35Reduce dependencies.
00:05:37Most vulnerabilities stem from third party plugins and libraries.
00:05:41This was especially noticeable with the vicious React2Shell exploit last year, on which
00:05:46James did an excellent deep dive, which you can watch right over here.
00:05:49And finally, the fourth thing you should do is subscribe to our channel to make sure you
00:05:54don't miss any updates on new critical vulnerabilities.
00:05:58We try our best here at the Better Stack channel to keep you up to date with the latest developments,
00:06:03and that includes addressing newly discovered vulnerabilities.
00:06:06So I hope you found this video useful, and if you did, then make sure to let us know
00:06:10by smashing that like button underneath the video.
00:06:13This has been Andres from Better Stack, and I will see you in the next videos.