1(520) 261-1728

info@threatintel-solutions.net

Threat Intel Solutions

Let’s Talk

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

VideoThreat actors exploiting zero-days faster than ever — Week in security with Tony Anscombe==========================================================================================The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year [![Editor](https://web-assets.esetstatic.com/tn/-x45/wls/2013/12/pen-tip-200.png)](/en/our-experts/editor/ ‘Editor’) [**Editor**](/en/our-experts/editor/ ‘Editor’)18 Oct 2024 As many as 97 out of the 138 vulnerabilities disclosed as actively exploited in the wild in 2023 were [zero-days](https://www.welivesecurity.com/2015/02/11/security-terms-explained-zero-day-mean/), according to a [report from Mandiant](https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023). The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first exploited after patches are made available (versus zero days, which are abused before patches are released). The average time to exploit a software flaw has been shrinking considerably over the years — from 63 days in 2018-2019 all the way to only five days last year.These and other figures in the report underscore a disconcerting trend: threat actors are rapidly getting better at spotting and weaponizing software vulnerabilities, which clearly poses an escalating threat to businesses and individuals alike.What else did the report find and how does the market for zero-day exploits factor into the problem? Find out in the video.Connect with us on [Facebook](https://www.facebook.com/eset), [Twitter](https://twitter.com/ESET), [LinkedIn](https://www.linkedin.com/company/eset/) and [Instagram](https://www.instagram.com/eset/). *** ** * ** ***Let us keep youup to date—————————–Sign up for our newsletters Ukraine Crisis newsletter Regular weekly newsletter Subscribe #### Related Articles*** ** * ** ***[Video, Kids OnlineProtecting children from grooming -| Unlocked 403 cybersecurity podcast (ep. 7)![Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)](https://web-assets.esetstatic.com/tn/-x145/wls/2024/10-2024/cybersecurity-podcast-grooming-children.png)Video, Kids OnlineProtecting children from grooming -| Unlocked 403 cybersecurity podcast (ep. 7)](/en/videos/protecting-children-grooming-unlocked-403-cybersecurity-podcast-ep-7/ ‘Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)’) *** ** * ** ***[VideoGoldenJackal jumps the air gap … twice — Week in security with Tony Anscombe![GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe](https://web-assets.esetstatic.com/tn/-x145/wls/2024/10-2024/week-security-goldenjackal-air-gap.png)VideoGoldenJackal jumps the air gap … twice — Week in security with Tony Anscombe](/en/videos/goldenjackal-jumps-air-gap-twice-week-security-tony-anscombe/ ‘GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe’) *** ** * ** ***[VideoThe complexities of attack attribution — Week in security with Tony Anscombe![The complexities of attack attribution – Week in security with Tony Anscombe](https://web-assets.esetstatic.com/tn/-x145/wls/2024/10-2024/cyberattack-attribution-ceranakeeper-mustangpanda.png)VideoThe complexities of attack attribution — Week in security with Tony Anscombe](/en/videos/complexities-attack-attribution-week-security-tony-anscombe/ ‘The complexities of attack attribution – Week in security with Tony Anscombe’) ### Similar Articles[Digital SecuritySecurity terms explained: What does Zero Day mean?](/2015/02/11/security-terms-explained-zero-day-mean/ ‘Security terms explained: What does Zero Day mean?’)*** ** * ** ***[ESET researchA tale of two zero-days![A tale of two zero-days](https://web-assets.esetstatic.com/tn/-x82/wls/2018/05/0days-pdf.jpeg)](/2018/05/15/tale-two-zero-days/ ‘A tale of two zero-days’)*** ** * ** ***[ESET researchWinter Vivern exploits zero-day vulnerability in Roundcube Webmail servers![Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers](https://web-assets.esetstatic.com/tn/-x82/wls/2023/2023-10/winter-wivern/one-login.jpeg)](/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/ ‘Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers’)*** ** * ** ***### Share Article[](https://www.facebook.com/sharer/sharer.php?u=https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/ ‘Facebook’) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/ ‘LinkedIn’) [](https://twitter.com/intent/tweet?url=https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/ ‘Twitter’) [](mailto:?&subject=I wanted you to see this site&body=https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/ ‘mail’) [](https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/ ‘copy’) ![Apt Activity Report](https://www.welivesecurity.com/build/assets/apt-activity-report-4523d00f.webp) ### Discussion

Related Tags:
NAICS: 54 – Professional

Scientific

Technical Services

NAICS: 561 – Administrative And Support Services

NAICS: 334 – Computer And Electronic Product Manufacturing

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 33 – Manufacturing – Metal

Electronics And Other

Blog: ESET We Live Security

Associated Indicators:

Search

Popular Posts

Categories

Archives

Tags

Follow Us