{"id":4478,"date":"2026-02-12T11:38:03","date_gmt":"2026-02-12T11:38:03","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/02\/12\/time-to-exploit-plummets-as-n-day-flaws-dominate\/"},"modified":"2026-02-12T11:38:03","modified_gmt":"2026-02-12T11:38:03","slug":"time-to-exploit-plummets-as-n-day-flaws-dominate","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/02\/12\/time-to-exploit-plummets-as-n-day-flaws-dominate\/","title":{"rendered":"Time to Exploit Plummets as N-Day Flaws Dominate"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The time between vulnerability disclosure and exploitation has plunged 94% over the past five years as threat actors weaponize so-called \u201cn-days,\u201d according to a new Flashpoint study.<\/p>\n<p>The threat intelligence vendor claimed that\u00a0\u201ctime to exploit\u201d (TTE) dropped from 745 days in 2020 to just 44 days last year, dramatically reducing the time security and IT teams have to patch.<\/p>\n<p>Driving this trend is the growing use of n-day exploits, which relate to vulnerabilities that have been publicly disclosed but remain unpatched by organizations.<\/p>\n<p>Flashpoint claimed that n-days now represent over 80% of the CVEs listed in its Known Exploited Vulnerabilities (KEV) database, VulnDB.<\/p>\n<p><em>Read more on vulnerability exploitation: Microsoft Fixes Six Zero Day Vulnerability in February Patch Tuesday.<\/em><\/p>\n<p>Although zero-day vulnerabilities and exploits grab more headlines, n-days make more sense to threat actors as they require much less time, effort and expense to 
research.<\/p>\n<p>\u201cAdversaries have gained a significant advantage through the rapid weaponization of researcher-published proof-of-concept (PoC) code. When a fully functional exploit is released alongside a vulnerability disclosure, it becomes a \u2018turn-key\u2019 solution for attackers,\u201d the report noted.<\/p>\n<p>\u201cBy combining these ready-made exploits with internet-wide scanning tools like Shodan or FOFA, even unsophisticated threat actors can conduct mass exploitation across large segments of the internet in hours.\u201d<\/p>\n<p>Security and perimeter software is a growing target for n-day attacks, Flashpoint warned. The firm said it observed 52 zero-day and 37 n-day attacks targeting these tools in 2025.<\/p>\n<p>Just this week, it emerged that a likely nation-state actor had exploited two critical zero-day bugs in Ivanti Endpoint Manager Mobile (EPMM)\u00a0to compromise several government agencies.<\/p>\n<h2><strong>Visibility Issues Compound Security Challenges<\/strong><\/h2>\n<p>The challenges facing security teams in this regard are exacerbated by two issues related to visibility, Flashpoint claimed.<\/p>\n<p>The first is asset visibility \u2013 Flashpoint claimed that \u201cmost\u201d large organizations may not have more than a quarter of their total assets inventoried.<\/p>\n<p>The second it dubbed a \u201cCVE blind spot\u201d arising from the fact that most security tools are dependent on CVEs.<\/p>\n<p>\u201cHowever, thousands of vulnerabilities are disclosed every year that never receive an official CVE ID,\u201d the report added. 
\u201cThese \u2018missing\u2019 vulnerabilities represent a massive blind spot for standard scanners.\u201d<\/p>\n<p>Long-running resource problems with the National Vulnerability Database (NVD) have compounded the problem, leading to delays in processing CVEs.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The time between vulnerability disclosure and exploitation has plunged 94% over the past five years as threat actors weaponize so-called \u201cn-days,\u201d according to a new Flashpoint study. The threat intelligence vendor claimed that\u00a0\u201ctime to exploit\u201d (TTE) dropped from 745 days in 2020 to just 44 days last year, dramatically reducing the time security and IT<\/p>\n","protected":false},"author":2,"featured_media":4479,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4478","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.or
g\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4478-5f1bed42-b0b5-4b01-8bce-b51456832998-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4478"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4478\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4479"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4478"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}