Forget zero-days - 'N-days' could be the most worrying security threat facing your systems today, here's why


  • Flashpoint report claims over 80% of exploited flaws are n-days, not zero-days
  • Average time to exploit dropped from 745 days (2018) to just 44 days (2025)
  • Attackers focus on firewalls, VPNs, and edge devices; China most active in exploitation campaigns

While zero-day vulnerabilities may sound ominous, it is n-day vulnerabilities that are driving most cyberattacks, experts have warned.

Security researchers at Flashpoint unveiled new research based on entries in CISA’s Known Exploited Vulnerabilities (KEV) catalog, as well as in-house data about the average Time to Exploit (TTE).

As per the analysis, more than 80% of all exploited vulnerabilities tracked over the past four years were not zero-days (newly discovered flaws without a patch), but rather n-days (those that have been known for longer and have already been mitigated with a patch or a workaround).

Firewalls and VPNs first targets

This might sound counter-intuitive, since patched vulnerabilities can be easily fixed by, well, deploying the patch. However, six years ago, the average Time to Exploit (the gap between public disclosure and observed exploitation) was 745 days, meaning defenders had a two-year grace period to patch before expecting an attack.

Last year, TTE was down to 44 days. That means that cybercriminals are actively monitoring news of newly patched vulnerabilities and are acting fast to exploit them. It is easier to lean on an already known vulnerability than to hunt for one themselves, and if the victims aren’t diligent with patching, they become low-hanging fruit.

Of all the different hardware and software they can target, miscreants are primarily interested in security and perimeter technologies, such as firewalls, VPN gateways, and edge devices. These are every attacker’s first choice because they must remain internet-facing, and as such are a logical first step.

Nation-state activity “remains prominent”, Flashpoint added, stressing that China was identified as the most active nation-state in vulnerability exploitation campaigns.



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
