Cybercriminals are now exploiting newly disclosed vulnerabilities within 24 to 48 hours, down from about a week in the past. This new finding comes from Fortinet’s 2026 Global Threat Landscape Report, published today.
For several of the critical outbreaks tracked during 2025, exploitation appeared the same day as disclosure, or the day after. Fortinet calls this industrialized cybercrime: reconnaissance, exploit packaging, and execution running as continuous, automated workflows instead of discrete campaigns.
Most exploitation techniques now leverage existing material rather than new development. Public proof-of-concept (PoC) and working exploit code are already in circulation for many of the vulnerabilities Fortinet saw under active attack, which means attackers can move on a new disclosure in hours.
The report also flagged AI-enabled offensive tools sold in underground marketplaces, including WormGPT, FraudGPT, HexStrike AI, and BruteForceAI.
These products are pitched at attackers wanting to automate reconnaissance, credential abuse, and attack-path generation without having the skills traditionally required for such attacks.
Ransomware Victim Count Hits 7,831 Globally
The downstream impact looks similar. FortiRecon intelligence recorded 7,831 confirmed ransomware victims worldwide in 2025, a 389% increase year-on-year. Activity stayed steady throughout the year and clustered around a handful of high-volume operators, in cluding Qilin, Akira, and Safepay.
Stolen identity data feeds much of that activity. The report counts 4.62 billion stealer logs traded on darknet markets in 2025, up 79% on the previous year, with the credentials going on to support initial-access brokerage, ransomware staging, and ongoing account abuse against enterprise services.
“Criminals have established a scalable business model, and we expect to see ransomware attack volume to continue growing,” Trey Ford, Chief Strategy and Trust Officer at Bugcrowd, told Expert Insights.
Ford added that reported incidents will likely understate the true total, as larger targets with the highest payout potential have invested most heavily in mitigation.The full report is available here, with regional breakdowns, sector targeting, and operational guidance for security teams.
