Unpatched software vulnerabilities are fast becoming one of the biggest cybersecurity threats to Indian enterprises. Kaspersky, a global leader in cybersecurity and threat intelligence, has revealed alarming data showing that over 7.34 lakh exploit attacks were blocked in India between January and June 2025 — averaging more than 4,000 cyberattacks per day.
Exploits are malicious programs designed to take advantage of flaws in software or operating systems, giving cybercriminals unauthorized access to sensitive data. When systems remain unpatched, these vulnerabilities act as open doors for ransomware, malware infections, and data breaches. Kaspersky’s findings highlight how cybercriminals continue to exploit old and unpatched weaknesses in enterprise IT systems, leaving businesses exposed to severe operational and financial risks.
Globally, the most exploited vulnerabilities were found in Microsoft Office and Windows platforms, including remote code execution flaws like CVE-2018-0802, CVE-2017-11882, and CVE-2017-0199. These vulnerabilities allow attackers to gain full control of systems remotely, often leading to data theft and network compromise. The report also emphasized that the top 10 vulnerabilities included both new zero-day exploits and older unpatched flaws — an indication that businesses continue to neglect timely updates and patch management.
Interestingly, attackers are now expanding beyond traditional tools. Kaspersky reported that low-code/no-code (LCNC) platforms and frameworks for AI-powered applications are emerging as new targets. As companies increasingly adopt these tools to speed up digital transformation, cybercriminals are exploiting their weak security controls to gain deeper access into corporate networks.
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, said, “A 4% rise in exploits against Indian businesses may seem small, but it underscores how relentless cyber attackers are. With effective threat intelligence and proactive patch management, Indian organizations can prevent these attacks before they escalate.”
In total, Kaspersky enterprise security solutions detected and blocked over 2.29 million web threats in India during the first half of 2025 — a 13.7% increase from last year. These web-based attacks, including phishing, malware downloads, and drive-by exploits, demonstrate the growing need for cyber resilience, real-time monitoring, and AI-driven threat detection in India’s digital ecosystem.
Kaspersky advises Indian organizations to implement automated vulnerability assessment tools, maintain continuous 24/7 monitoring, deploy AI-based endpoint security solutions, and use up-to-date threat intelligence feeds to understand attackers’ latest tactics, techniques, and procedures (TTPs). Strengthening patch management, employee awareness, and incident response frameworks will be critical to defending against the next wave of cyber threats targeting Indian enterprises.
