- The Flashpoint report claims that more than 80% of exploited vulnerabilities last n days, not zero days.
- Average operating time fell from 745 days (2018) to just 44 days (2025)
- Attackers focus on firewalls, VPNs and edge devices; China most active in exploitation campaigns
While zero-day vulnerabilities may seem worrying, it’s the n-day vulnerabilities that are behind most cyberattacks, experts warn.
Security researchers Flashpoint have revealed new research based on input from CISA’s KEV, as well as internal mean time to operation (TTE) data.
According to the analysis, more than 80% of all exploited vulnerabilities tracked over the past four years were not zero-day vulnerabilities (newly discovered flaws without a patch), but rather n-day vulnerabilities (those that had been known for longer and have already been mitigated with a patch or workaround).
First targets of firewalls and VPNs
This may seem counterintuitive, since patched vulnerabilities can be easily fixed by deploying the patch. However, six years ago, the average time to exploitation (the gap between public disclosure and observed exploitation) was 745 days, meaning defenders had a two-year grace period to apply patches before expecting an attack.
Last year, the TTE had fallen to 44 days. This means that cybercriminals actively monitor news about recently patched vulnerabilities and act quickly to exploit them. It’s easier to rely on an already known vulnerability, rather than looking for one itself, and if victims aren’t diligent in patching, they become low-hanging fruit.
Of all the hardware and software they can target, attackers are primarily interested in security and perimeter technologies, such as firewalls, VPN gateways and edge devices. They are the first choice of any attacker because they must remain connected to the Internet and are therefore a logical first step.
Nation-state activity “remains significant,” Flashpoint added, noting that China has been identified as the most active vendor in vulnerability exploitation campaigns.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
