Skip to main content
VendorsGreyNoise

GreyNoise

Cybersecurity reports and statistics published by GreyNoise

6 categories2 reports

Recent Statistics & Reports

When session volume and IP count spike simultaneously, lead time extends to 21 days.

5/27/2026
Threat IntelligenceNetwork Security

78% of vendor-targeted surges begin within 21 days before the associated vulnerability disclosure.

5/27/2026
Threat IntelligenceVulnerability Disclosure

GreyNoise sensors observe eight distinct surges targeting Cisco before the advisory for CVE-2026-20127, with the earliest surge occurring 39 days before disclosure.

5/27/2026
Threat IntelligenceVendor SecurityCVE

SonicWall CVE-2026-0400 experienced six surges with lead times compressing from 37 days to 3 days and peak session volume reaching 69 times the median.

5/27/2026
Vulnerability DisclosureThreat IntelligenceSonicWall

Fortinet CVE-2026-24858 provides one day of warning before disclosure.

5/27/2026
Vulnerability DisclosureThreat IntelligenceCVE

Distributed surges average 21.3 days of lead time before disclosure.

5/27/2026
Threat IntelligenceNetwork Security

Concentrated hosting surges average 7.5 days of lead time before disclosure.

5/27/2026
Threat IntelligenceNetwork Security

68 of 104 detected surge events preceded a vendor-matched CVE, spanning 33 vulnerabilities across 16 vendor families.

5/27/2026
Vulnerability DisclosureThreat IntelligenceVendor Security

The median lead time of vendor-targeted surges before a matched vulnerability disclosure is 11 days.

5/27/2026
Threat IntelligenceVulnerability Disclosure

49% of vendor-targeted surges begin within 10 days before the associated vulnerability disclosure.

5/27/2026
Threat IntelligenceVulnerability Disclosure

Attackers are getting quicker at exploiting newly found CVEs, with exploitation observed within hours of disclosure in 2024.

2/28/2025

A majority of the most exploited vulnerabilities in 2024 targeted home internet routers, including customer-facing fiber modems

2/28/2025

40% of vulnerabilities exploited in 2024 were from 2020 or earlier.

2/28/2025

GreyNoise detected the exploitation of 29 vulnerabilities before they were added to CISA’s KEV catalog.

2/28/2025

28% of the CVEs added to CISA’s KEV catalog were leveraged by ransomware groups.

2/28/2025

10% of vulnerabilities exploited in 2024 were from 2016 or earlier, with some dating back to the late 1990s, such as CVE-1999-0526.

2/28/2025