2022 Vulnerability Intelligence Report

Widespread attacks and zero-day exploitation hit all-time highs in 2021, pushing security teams around the world to their limits and beyond. The attack landscape in 2022 was slightly more nuanced, as adversaries evolved operations and leveraged both new and known vulnerabilities to accomplish their goals. In Rapid7’s annual vulnerability intelligence report, they analyzed 50 of 2022’s most notable vulnerabilities and attacks to highlight exploitation trends and help security practitioners prioritize.

Here’s what they found:
Despite decreases, 2022 was still a year of serious risk
Net-new widespread threats were down 15% from their 2021 highs, but 28 widely exploited vulnerabilities still dominated our 2022 dataset.

Attackers are gearing up faster and faster
56% of the vulnerabilities in our report were exploited within seven days — a 12% increase YoY and an 87% rise over 2020.

Zero-day attacks are down slightly, but we’re not out of the woods
Zero-day exploits are down 9% from 2021 but have still plateaued at a high rate, which keeps the gap between vulnerability disclosure and exploitation small.