The gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. According to Rapid7’s latest Cyber Threat Landscape Report, confirmed exploitation of newly disclosed high- and critical-severity vulnerabilities (CVSS 7-10) increased 105% year to 146 in 2025, up from 71 in 2024. Moreover, the median time from vulnerability publication to CISA Known Exploited Vulnerabilities (KEV) inclusion dropped from 8.5 days to 5.0 days, with mean time-to-exploit dropping from 61.0 days to 28.5 days. Zero-day exploits have also been hitting enterprises faster and harder, according to a recent report from Google Threat Intelligence Gr...