Recorded Future has released the 2018 version of it’s annual top 10 list of most exploited vulnerabilities. The list contains 8 Microsoft Office vulnerabilities that are being exploited as part of phishing campaigns involving malicious Word and Excel documents. The other two flaws in the list are an Adobe Flash flaw at number 2 and an Android bug at number 10.
The report also noted a continued trend away from exploit kits, with threat actors releasing only 5 new kits last year. In 2017, 10 new exploit kits were introduced, which was already a staggering drop from the more than 60 kits released in 2016.