Today, the threat intelligence team at Flashpoint published new research examining how the race between defenders and adversaries is accelerating — and why known vulnerabilities, not zero-days, are now driving the majority of real-world attacks.
Key finding: Flashpoint data shows that N-day vulnerabilities account for more than 80% of Known Exploited Vulnerabilities (KEVs) tracked over the past four years, underscoring a major shift in attacker behavior. Even more concerning, the average Time to Exploit (TTE) — the gap between public disclosure and observed exploitation — has collapsed from 745 days in 2020 to just 44 days by 2025, dramatically reducing the patching grace period many enterprises rely on.
Flashpoint researchers attribute this trend to the rapid weaponization of publicly released proof-of-concept code, effectively creating “turn-key” exploits that allow even less sophisticated actors to launch mass attacks within hours.
Additional insights include:
- Security and perimeter technologies — such as firewalls, VPN gateways, and edge devices — are among the most targeted because they must remain internet-facing.
- Nation-state activity remains prominent, with China identified as the most active actor in vulnerability exploitation campaigns.
- Most organizations lack full asset visibility, with many maintaining accurate inventories for only about 25% of assets, slowing detection and response.
Why this matters? As weaponization timelines compress — sometimes to under 24 hours — organizations must shift from reactive patching toward intelligence-led exposure management that prioritizes exploitability and threat-actor activity.
Like this:
Like Loading...
Related
This entry was posted on February 11, 2026 at 3:16 pm and is filed under Commentary with tags Flashpoint. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
80% of Exploited Vulnerabilities Are “N-Days” – Not Zero-Days: Flashpoint
Today, the threat intelligence team at Flashpoint published new research examining how the race between defenders and adversaries is accelerating — and why known vulnerabilities, not zero-days, are now driving the majority of real-world attacks.
Key finding: Flashpoint data shows that N-day vulnerabilities account for more than 80% of Known Exploited Vulnerabilities (KEVs) tracked over the past four years, underscoring a major shift in attacker behavior. Even more concerning, the average Time to Exploit (TTE) — the gap between public disclosure and observed exploitation — has collapsed from 745 days in 2020 to just 44 days by 2025, dramatically reducing the patching grace period many enterprises rely on.
Flashpoint researchers attribute this trend to the rapid weaponization of publicly released proof-of-concept code, effectively creating “turn-key” exploits that allow even less sophisticated actors to launch mass attacks within hours.
Additional insights include:
Why this matters? As weaponization timelines compress — sometimes to under 24 hours — organizations must shift from reactive patching toward intelligence-led exposure management that prioritizes exploitability and threat-actor activity.
Share this:
Like this:
Related
This entry was posted on February 11, 2026 at 3:16 pm and is filed under Commentary with tags Flashpoint. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.