Decoding the accelerated cyber attack cycle

Rapid7 has released its 2026 Global Threat Landscape Report: Decoding the Accelerated Cyber Attack Cycle, a report examining the evolving nature of cyber threats and the increasing speed at which vulnerabilities are exploited.

The report’s findings highlight a notable trend. High and critical severity vulnerabilities have increased, rising from 71 in 2024 to 146 in 2025. At the same time, the window between vulnerability disclosure and confirmed exploitation is becoming shorter, with attackers operationalising vulnerabilities within days of disclosure.

The report combines multiple data sources, including vulnerability publication data and incident response metrics, to provide a broader view of how exposure can lead to compromise. Key observations include:

• Accelerating Exploitation: The number of high-risk vulnerabilities indicates that these are being targeted soon after disclosure.
• Shrinking Weaponisation Timelines: The time from vulnerability disclosure to inclusion in security databases has decreased, particularly for high-severity vulnerabilities.
• Identity as a Key Target: Issues related to multi-factor authentication account for a significant portion of investigations, making identity a common access vector.
• Ransomware Activity: Ransomware continues to be involved in a substantial share of incident responses and is increasing in scale and frequency.
• Use of AI by Threat Actors: AI is increasingly being used to support attack development, including phishing content creation and other techniques.

The report notes that organisations need to respond more quickly to vulnerabilities as the time between disclosure and exploitation continues to decrease. The gap between identifying and addressing vulnerabilities is narrowing, making timely remediation and alignment with detection and response processes more important.

In summary, as threat actors increasingly incorporate AI into their activities, organisations are adjusting their approaches to detection and response. This shift highlights the need for timely remediation and co-ordinated security practices to address evolving threats.