Source: Rapid7 Cybersecurity Blog
Author: Rapid7 Labs
URL: https://www.rapid7.com/blog/post/tr-accelerating-attack-cycle-2026-global-threat-landscape-report/
ONE SENTENCE SUMMARY:
Rapid7’s 2026 report shows attacker speed collapsing remediation windows, alongside industrialized cybercrime, identity-first intrusions, and AI-accelerated exploitation, all of which require proactive controls.
MAIN POINTS:
- Confirmed exploitation of new CVSS 7–10 vulnerabilities rose 105% year over year.
- Median time to CISA KEV inclusion dropped from 8.5 days to 5.0 days.
- Previously “safe” triage buffers shrank as severe flaws were exploited near-immediately.
- Reactive vulnerability management cycles increasingly fail against machine-speed adversaries.
- Underground operations mirror SaaS supply chains via brokers, operators, and subscription infostealers.
- Ransomware appeared in 42% of MDR investigations; leak posts grew 46.4%.
- Active ransomware groups expanded from 102 to 140, reflecting ecosystem maturity.
- Valid accounts without MFA drove 43.9% of incidents, with attackers favoring “log in” over “break in.”
- Exploitation clustered around reliable weaknesses like deserialization, auth bypass, and memory corruption.
- AI boosted phishing, recon, and malware iteration while also expanding attack surface in AI systems.
TAKEAWAYS:
- Prioritize exposure reduction and preemptive remediation over scheduled patch cycles.
- Enforce MFA universally and harden session, token, and identity control-plane protections.
- Treat cybercrime specialization as a scalable market that rapidly monetizes access.
- Focus defenses on repeatable, pre-auth vectors rather than chasing sheer CVE volume.
- Implement AI governance and AI-enabled security workflows to match attacker velocity.