VendorsGreyNoise
GreyNoise
Cybersecurity reports and statistics published by GreyNoise
6 categories2 reports
Research Reports
Reports and publications from GreyNoise
Recent Statistics & Reports
When session volume and IP count spike simultaneously, lead time extends to 21 days.
5/27/2026•
Threat IntelligenceNetwork Security
78% of vendor-targeted surges begin within 21 days before the associated vulnerability disclosure.
5/27/2026•
Threat IntelligenceVulnerability Disclosure
GreyNoise sensors observe eight distinct surges targeting Cisco before the advisory for CVE-2026-20127, with the earliest surge occurring 39 days before disclosure.
5/27/2026•
Threat IntelligenceVendor SecurityCVE
SonicWall CVE-2026-0400 experienced six surges with lead times compressing from 37 days to 3 days and peak session volume reaching 69 times the median.
5/27/2026•
Vulnerability DisclosureThreat IntelligenceSonicWall
Fortinet CVE-2026-24858 provides one day of warning before disclosure.
5/27/2026•
Vulnerability DisclosureThreat IntelligenceCVE
Distributed surges average 21.3 days of lead time before disclosure.
5/27/2026•
Threat IntelligenceNetwork Security
Concentrated hosting surges average 7.5 days of lead time before disclosure.
5/27/2026•
Threat IntelligenceNetwork Security
68 of 104 detected surge events preceded a vendor-matched CVE, spanning 33 vulnerabilities across 16 vendor families.
5/27/2026•
Vulnerability DisclosureThreat IntelligenceVendor Security
The median lead time of vendor-targeted surges before a matched vulnerability disclosure is 11 days.
5/27/2026•
Threat IntelligenceVulnerability Disclosure
49% of vendor-targeted surges begin within 10 days before the associated vulnerability disclosure.
5/27/2026•
Threat IntelligenceVulnerability Disclosure
Attackers are getting quicker at exploiting newly found CVEs, with exploitation observed within hours of disclosure in 2024.
2/28/2025
A majority of the most exploited vulnerabilities in 2024 targeted home internet routers, including customer-facing fiber modems
2/28/2025
40% of vulnerabilities exploited in 2024 were from 2020 or earlier.
2/28/2025
GreyNoise detected the exploitation of 29 vulnerabilities before they were added to CISA’s KEV catalog.
2/28/2025
28% of the CVEs added to CISA’s KEV catalog were leveraged by ransomware groups.
2/28/2025
10% of vulnerabilities exploited in 2024 were from 2016 or earlier, with some dating back to the late 1990s, such as CVE-1999-0526.
2/28/2025