One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into working exploits. What used to take weeks or months is now happening in days, sometimes hours — and in some cases, exploitation is beginning almost immediately after vulnerability details are made public.
The process of exploitation itself is changing. With the increasing availability of proof-of-concept code, automation, and AI-assisted tooling, certain vulnerabilities can very quickly become weaponized, which is what we saw with React2Shell.
At the same time, the data shows that attackers are not just chasing new vulnerabilities. They are consistently targeting what is exposed, accessible, and valuable.
On one end of the spectrum, near-instant exploitation.
On the other, long-standing vulnerabilities that remain unaddressed.
Attackers are using a combination of speed, scale, and accessibility to reduce the window defenders have to respond, while increasing the impact when they can’t.
In the latest episode of the Talos Threat Perspective, we explore what the ‘industrialization of exploitation’ looks like in practice, and what it means for defenders trying to prioritise risk in an increasingly compressed timeline.
▶️ Watch the full episode below.