Skip to main content
HomeTopicsThreat Intelligence

Threat Intelligence

Threat actor analysis, emerging attack patterns, malware trends, and security intelligence sharing statistics.

Showing 1-20 of 83 results

27% of security professionals would prioritise automating the conversion of threat intelligence into actionable priorities.

Filigran6/20/2026
Automation

21% of security professionals say the volume of threat intelligence information often creates more noise than clarity.

Filigran6/20/2026
Information Overload

19% of security professionals completely trust threat intelligence to tell them what to fix first.

Filigran6/20/2026

52% of security professionals say threat intelligence helps inform decisions but still requires significant human judgement.

Filigran6/20/2026
Human Judgment

GreyNoise sensors observe eight distinct surges targeting Cisco before the advisory for CVE-2026-20127, with the earliest surge occurring 39 days before disclosure.

GreyNoise5/27/2026
Vendor SecurityCVE

When session volume and IP count spike simultaneously, lead time extends to 21 days.

GreyNoise5/27/2026
Network Security

78% of cybersecurity professionals confirm that AI has already improved threat intelligence operations to some degree.

Cyware5/27/2026
AI Impact

Concentrated hosting surges average 7.5 days of lead time before disclosure.

GreyNoise5/27/2026
Network Security

Distributed surges average 21.3 days of lead time before disclosure.

GreyNoise5/27/2026
Network Security

Real-time sharing of threat intelligence across SecOps, incident response, and vulnerability management nearly doubled from 17% in 2025 to 32% in 2026.

Cyware5/27/2026
Incident ResponseCollaboration

79% of cybersecurity professionals say threat intelligence sharing is critical or very important for detection and response workflows.

Cyware5/27/2026
Detection And ResponseThreat Intelligence Sharing

78% of vendor-targeted surges begin within 21 days before the associated vulnerability disclosure.

GreyNoise5/27/2026
Vulnerability Disclosure

The median lead time of vendor-targeted surges before a matched vulnerability disclosure is 11 days.

GreyNoise5/27/2026
Vulnerability Disclosure

68 of 104 detected surge events preceded a vendor-matched CVE, spanning 33 vulnerabilities across 16 vendor families.

GreyNoise5/27/2026
Vulnerability DisclosureVendor Security

Fortinet CVE-2026-24858 provides one day of warning before disclosure.

GreyNoise5/27/2026
Vulnerability DisclosureCVE

SonicWall CVE-2026-0400 experienced six surges with lead times compressing from 37 days to 3 days and peak session volume reaching 69 times the median.

GreyNoise5/27/2026
Vulnerability DisclosureSonicWall

49% of vendor-targeted surges begin within 10 days before the associated vulnerability disclosure.

GreyNoise5/27/2026
Vulnerability Disclosure

43% of security teams use AI for threat intelligence correlation.

Ivanti2/14/2026
AISecurity Analytics

New domains make up over 65% of unique threat domains.

DNSFilter2/9/2026
Domain ThreatsNetwork Trends

Teams using attack intelligence to track emerging AI vulnerabilities increased by 10%.

Black Duck2/9/2026
AI SecurityApplication Security