Header image

Exploited Vulnerabilities Were Mostly Zero-Days

Only five days were needed to exploit, Google Cloud Mandiant research finds.


Threat actors actively exploited 138 software vulnerabilities last year, 70 percent of which were zero-days.

Meanwhile vendors affected by the abused bugs rose from 44 in 2022 to a record high of 56 in 2023, reports BleepingComputer. The research from Google Cloud Mandiant also found that only five days were needed by malicious actors to exploit security flaws last year, indicating a significant decline from time to exploit periods of 32 days in 2021-2022 and 63 days in 2018-2019.

Also, the ratio between fixed flaws and zero-days declined from 4:6 between 2020 and 2022 to 3:7 last year, with the change attributed to escalated zero-day abuse and improved zero-day detection.


Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.