Time to exploit is shrinking as attackers pile onto known flaws

March 22, 2026 · 2 min read · 2 sources

Attackers are exploiting newly disclosed vulnerabilities faster than before, and most of that activity now centers on N-day flaws rather than true zero-days, according to Flashpoint research summarized by Infosecurity Magazine. The finding points to a sharp drop in the average time between public disclosure and observed exploitation, compressing the window defenders have to patch exposed systems.

N-day flaws are vulnerabilities that are already public and often already patched by vendors, but remain exploitable in organizations that have not updated or mitigated affected systems. Flashpoint’s warning reflects a broader pattern seen across recent incidents: once technical details or proof-of-concept code emerge, threat actors can quickly turn them into mass scanning and exploitation campaigns, especially against internet-facing products such as firewalls, file-transfer tools, and VPN gateways.

The operational impact is straightforward. Security teams can no longer assume they have days or weeks to evaluate and roll out fixes for high-risk bugs. Attackers are increasingly using automation to identify vulnerable targets within hours of disclosure, while ransomware affiliates and initial access brokers continue to favor known flaws that offer fast entry at scale. In practice, that means patch lag, incomplete asset inventories, and overlooked edge devices can turn a public advisory into an active breach path almost immediately.

The trend aligns with repeated examples from the past few years, including rapid exploitation of Log4Shell, MOVEit Transfer, Cisco IOS XE, and perimeter-device vulnerabilities from major network and security vendors. CISA’s Known Exploited Vulnerabilities catalog also shows how often disclosed bugs move from advisory to active abuse, reinforcing that public disclosure should be treated as a trigger for urgent exposure review, not routine maintenance.

For defenders, the message is less about chasing every CVE and more about prioritizing what is reachable and valuable. Internet-facing assets, remote access systems, and externally exposed management interfaces should move to the front of the queue, with compensating controls applied when patching cannot happen immediately.
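One way to turn that prioritization into a patch queue, as an added example that is not from Flashpoint or Infosecurity Magazine. The asset names, role labels, placeholder CVE ids, the one-day `MAX_WAIT_DAYS` threshold and the three-tier scheme are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# All data below is constructed: placeholder CVE ids and hypothetical hosts.
KEV_LISTED = {"CVE-0000-0001", "CVE-0000-0003"}  # stand-in for ids from a local KEV copy
EDGE_ROLES = {"firewall", "vpn", "file-transfer", "mgmt-interface"}
MAX_WAIT_DAYS = 1  # assumption: longest a tier-0 asset may wait unmitigated for a patch
TODAY = date(2026, 3, 22)  # constructed "today" so the output is reproducible

@dataclass
class Finding:
    asset: str
    role: str
    internet_facing: bool
    cve: str
    disclosed: date
    patch_window: Optional[date]  # earliest date a patch can be deployed, None if unknown

def tier(f: Finding) -> int:
    known_exploited = f.cve in KEV_LISTED
    if f.internet_facing and (f.role in EDGE_ROLES or known_exploited):
        return 0  # reachable edge device, or reachable and already known exploited
    if f.internet_facing or known_exploited:
        return 1
    return 2

def action(f: Finding, today: date) -> str:
    if tier(f) != 0:
        return "patch-scheduled"
    # Tier 0 cannot wait: if no patch slot is close enough, mitigate first.
    too_late = f.patch_window is None or (f.patch_window - today).days > MAX_WAIT_DAYS
    return "mitigate-now-then-patch" if too_late else "patch-now"

def triage(findings, today=TODAY):
    # Lowest tier first; within a tier, the longest-disclosed flaw first.
    ranked = sorted(findings, key=lambda f: (tier(f), f.disclosed))
    return [(f.asset, f.cve, tier(f), action(f, today)) for f in ranked]

SAMPLE = [
    Finding("build-int-03", "internal-app", False, "CVE-0000-0004", date(2026, 1, 5), None),
    Finding("fw-edge-02", "firewall", True, "CVE-0000-0002", date(2026, 3, 21), date(2026, 3, 23)),
    Finding("wiki-int-07", "internal-app", False, "CVE-0000-0003", date(2026, 2, 10), None),
    Finding("vpn-gw-01", "vpn", True, "CVE-0000-0001", date(2026, 3, 20), date(2026, 4, 2)),
    Finding("www-blog-01", "web", True, "CVE-0000-0004", date(2026, 3, 1), date(2026, 3, 29)),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

The VPN gateway lands first with a mitigate-now action because its patch window is eleven days out, which is the case where a compensating control has to cover the gap.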
