A report by cybersecurity firm Rezilion shows that more than 15 million publicly facing services are not protected from each of the 896 vulnerabilities that the Cybersecurity and Infrastructure Security Agency has listed in its catalog of known exploitable vulnerabilities, according to BleepingComputer. Rezilion, which conducted a large-scale study to identify systems that are vulnerable to either ransomware organizations or state-sponsored threat actors, says more than half of known instances are susceptible to one of the 137 vulnerabilities associated with Microsoft Windows, and more than half of the top 10 most commonly identified CVEs in endpoints are at least five years old. "Overall, over 4.5 million internet-facing devices were identified as vulnerable to KEVs discovered between 2010 and 2020," the firm said in its report. The firm also analyzed the data to identify the vulnerability with the highest interest among threat actors and found that CVE-2022-26134 , a critical-severity flaw in Atlassian Confluence Server and Data Center, is the most exploited flaw with 816 exploitation attempts in March.