The article describes a broad, sustained campaign of exploitation attempts targeting internet-facing edge infrastructure like VPNs, routers, and remote access services, which serve as a primary attack vector for initial access. The threat is not a single vulnerability but a pattern of mass exploitation, with nearly 3 billion malicious sessions recorded against these systems in the second half of 2025. As this is an analysis of attack trends rather than a specific flaw, details like a CVSS score, affected versions, a fixed version, or a specific workaround are not provided.
Internet-facing VPNs, routers, and remote access services absorbed sustained exploitation attempts throughout the second half of 2025, with nearly 3 billion malicious sessions recorded over 162 days. The concentration on edge infrastructure aligns with how attackers pursue initial access across the public internet. GreyNoise’s State of the Edge data set covers 2.97 billion sessions observed between July 23 and December 31, 2025, across sensors in more than 80 countries. Activity averaged roughly 212 malicious sessions … More → The post Edge systems take the brunt of internet-wide exploitation attempts appeared first on Help Net Security .