Video

The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year

18 Oct 2024

As many as 97 out of the 138 vulnerabilities disclosed as actively exploited in the wild in 2023 were zero-days, according to a report from Mandiant. The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first exploited after patches are made available (versus zero days, which are abused before patches are released). The average time to exploit a software flaw has been shrinking considerably over the years – from 63 days in 2018-2019 all the way to only five days last year.

These and other figures in the report underscore a disconcerting trend: threat actors are rapidly getting better at spotting and weaponizing software vulnerabilities, which clearly poses an escalating threat to businesses and individuals alike.

What else did the report find and how does the market for zero-day exploits factor into the problem? Find out in the video.

Connect with us on Facebook, Twitter, LinkedIn and Instagram.