N-days Are Becoming N-hours
Anthropic's June 2026 N-day research shows how frontier models can turn public patches into working exploits in hours. Here's what defenders should change now.
Vulnerability Management
7 articles
Verizon DBIR 2026: The Remediation Paradox
Verizon's 2026 DBIR confirms vulnerability exploitation as the #1 breach vector for the first time in 19 years — while remediation rates dropped and patch times increased. Here's what the data actually says.
500 Microsoft CVEs Later — We're Still Measuring Security Wrong
Microsoft patched 500+ vulnerabilities in five months. Linux ecosystems patched even more. So which is more secure? That's the wrong question — here's the metric that actually matters.
Non-Human Identities: The Attack Surface Your Security Team Isn't Managing
Service accounts, API keys, OAuth tokens and machine credentials now outnumber human identities 144 to 1. Most organizations have zero visibility into them. Attackers do.
Why Enterprise VPN and Gateway Products Are Perpetually Broken
Ivanti, Fortinet, Palo Alto — the names change but the pattern doesn't. Here's the structural reason why enterprise edge devices are permanently on fire and what you can do about it.
From CVE to RCE in Hours: The Collapse of the Exploitation Window
The average time from vulnerability disclosure to active exploitation has collapsed from 756 days in 2018 to mere hours in 2025. Here's what that means for defenders.
Vulnerability Exploitation Overtook Phishing — What That Means for Defenders
For the first time, vulnerability exploitation is the #1 initial access vector — not phishing. Here's what the data says and how defenders must adapt.