Business
Rapid7 2026 Global Threat Landscape Report Shows Exploited High and Critical-Severity Vulnerabilities Surged 105% as Attack Timelines Collapsed
New research reveals exploitation now occurs within days of disclosure, reinforcing the need for preemptive security operations BOSTON, March 18, 2026 (GLOBE
About this update from Rapid7, Inc.
[{"type":"text","content":"New research reveals exploitation now occurs within days of disclosure, reinforcing the need for preemptive security operations\nBOSTON, March 18, 2026 (GLOBE NEWSWIRE) -- Rapid7 (NASDAQ: RPD), a global leader in AI-powered managed cybersecurity operations, today released The 2026 Global Threat Landscape Report: Decoding the Accelerated Cyber Attack Cycle. The report finds that the window between vulnerability disclosure and confirmed exploitation continues to collapse, leaving organizations with dramatically less time to assess risk, prioritize remediation, and contain threats before impact. The predictive lead time defenders once relied on between disclosure and exploitation has largely disappeared. The report found that exploited high and critical severity vulnerabilities more than doubled year over year, increasing 105% from 71 in 2024 to 146 in 2025, while the window between vulnerability publication and confirmed exploitation continues to shrink, with attackers increasingly operationalizing vulnerabilities within days of disclosure. “Exploitation timelines are increasingly measured in days rather than weeks,” said Raj Samani, chief scientist at Rapid7. “AI is being integrated rapidly into attacker playbooks, accelerating how quickly exposure is operationalized. Many of the incidents we investigate still originate from known, unaddressed exposure. In those cases, attackers don’t need sophistication, they need opportunity. As remediation windows shrink, reducing that opportunity becomes essential to limiting compromise.” Key findings from the 2026 report This report correlates vulnerability publication data, confirmed exploitation trends, frontline MDR incident response telemetry, and dark web, cybercrime, and nation-state intelligence to provide a unified view of how exposure evolves into compromise. Key findings include: Exploitation is accelerating faster than defenders can remediate: The number of “high-risk but not yet exploited” vulnerabilities (CVSS 7-10) fell dramatically, while the number of exploited vulnerabilities increased sharply from 71 in 2024 to 146 in 2025. This indicates that high-probability vulnerabilities (CVSS 7-10) are being operationalized almost immediately.Weaponization timelines continue to shrink: The median time from a vulnerability's publication to its inclusion in the CISA KEV catalog dropped ...