Zero-day exploitation velocity accelerates: 74.4% of exploited CVEs are now zero-days

According to ZeroDayClock data, 74.4% of all exploited CVEs in 2026 are now zero-day exploits (exploited before or on disclosure day), a dramatic increase from 16.1% in 2018, with mean time-to-exploit now measured at approximately one week. The exploit rate in 2026 is 82 of 18,529 published CVEs (0.44%) confirmed exploited in the wild. Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in 2025, a 15% increase over 2024. 48% of exploited zero-days targeted enterprise infrastructure (VPNs, firewalls, identity platforms, virtualization) in 2025. Cisco Talos reported 9 open zero-day reports and 22 publicly disclosed vulnerabilities in 2026 as of May 4.