
The internet changes before the advisory drops. GreyNoise found that activity surges in sensor data precede vulnerability disclosures by a median of 11 days β a pattern that held across 33 CVEs and 16 vendor families, confirmed by rigorous statistical testing.
The study tracked 147.8 million sessions across 18 vendors over 103 days, identifying 68 pre-disclosure surges and documenting the countdown compression patterns, infrastructure concentration shifts, and attack-type progressions that precede public CVE advisories.
The internet changes before the advisory drops. GreyNoise found that activity surges in sensor data precede vulnerability disclosures by a median of 11 days β a pattern that held across 33 CVEs and 16 vendor families, confirmed by rigorous statistical testing.
The study tracked 147.8 million sessions across 18 vendors over 103 days, identifying 68 pre-disclosure surges and documenting the countdown compression patterns, infrastructure concentration shifts, and attack-type progressions that precede public CVE advisories.