Global Threat Landscape Report Shows Exploited High and Critical Severity Vulnerabilities Surged 105% as Attack Timelines Collapsed

The Rapid7 report underscores a seismic shift in how quickly threat actors move from discovery to exploitation. By correlating public vulnerability disclosures with real‑time MDR telemetry, the study shows that attackers are now operationalising high‑CVSS flaws within days, slashing the historical eight‑day median to just five. This compression forces security teams to rethink the classic "identify‑prioritise‑patch" cadence, as the luxury of extended testing and staged rollouts evaporates. The data also highlights a surge in AI‑driven tooling, which automates phishing content and script generation, further compressing attack timelines.

Two underlying drivers amplify this risk. First, generative AI equips even low‑skill actors with sophisticated payloads, shrinking the skill gap and expanding the pool of potential adversaries. Second, identity exposure remains the most common entry point, with lax or missing multi‑factor authentication responsible for nearly half of all incidents. Combined with a 46% rise in ransomware leak posts, these trends illustrate a threat ecosystem where speed, automation, and credential abuse intersect, demanding a more proactive, risk‑based defense posture.

To stay resilient, organizations must align remediation priorities with real‑time exploitation velocity. This means integrating threat‑intelligence feeds, continuously monitoring for active weaponisation, and automating patch deployment for high‑risk assets. Investing in robust MFA, behavioural analytics, and AI‑enhanced detection can reduce the opportunity window attackers exploit. As exploitation timelines continue to collapse, the ability to triage exposure dynamically will become the decisive factor between a thwarted attempt and a costly breach.