- The Flashpoint report claims that over 80% of exploited bugs are n-days, not zero-days
- Average utilization time decreased from 745 days (2018) to just 44 days (2025)
- Attackers focus on firewalls, VPNs and edge devices; China is most active in exploitation campaigns
While zero-day vulnerabilities may sound ominous, it is n-days that drive most cyber attacks, experts have warned.
Security researchers Flashpoint revealed new research based on entries in CISA’s KEV as well as internal data on average time to exploitation (TTE).
According to the analysis, more than 80% of all exploited vulnerabilities detected over the past four years were not zero-days (newly discovered bugs without a patch), but rather n-days (those that were known for a long time and have already been fixed with a patch or fix).
Firewalls and VPNs’ first target
This may sound counterintuitive, since patched vulnerabilities can easily be fixed by, well, deploying the patch. But six years ago, the average time to exploit (the gap between public disclosure and observed exploitation) was 745 days, meaning defenders had a two-year grace period to patch before expecting an attack.
Last year, TTE was down to 44 days. This means that cybercriminals actively monitor news of newly targeted vulnerabilities and act quickly to exploit them. It’s easier to lean on an already known vulnerability rather than hunting one yourself, and if victims aren’t diligent about patching, they become low-hanging fruit.
Of all the different hardware and software they can target, miscreants are primarily interested in security and perimeter technologies, such as firewalls, VPN gateways and edge devices. They are every attacker’s first choice because they need to remain Internet-facing, and as such it is a logical first step.
Nation-state activity “remains prominent,” Flashpoint added, emphasizing that China was identified as the most active vendor in vulnerability exploitation campaigns.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
