The Annual Vulnerability Intelligence Report: 2022 Edition

Widespread attacks and zero-day exploitation hit all-time highs in 2021, pushing security teams around the world to their limits and beyond. The attack landscape in 2022 was slightly more nuanced, as adversaries evolved operations and leveraged both new and known vulnerabilities to accomplish their goals. In our annual vulnerability intelligence report, we analyzed 50 of 2022’s most notable vulnerabilities and attacks to highlight exploitation trends and help security practitioners prioritize.

Here’s what we found:

  • Despite decreases, 2022 was still a year of serious risk
    Net-new widespread threats were down 15% from their 2021 highs, but 28 widely exploited vulnerabilities still dominated our 2022 dataset.

  • Attackers are gearing up faster and faster
    56% of the vulnerabilities in our report were exploited within seven days — a 12% increase YoY and an 87% rise over 2020.

  • Zero-day attacks are down slightly, but we’re not out of the woods
    Zero-day exploits are down 9% from 2021 but have still plateaued at a high rate, which keeps the gap between vulnerability disclosure and exploitation small.



Rapid7 is trusted by over 11,000 customers