Zero Day Clock: Hackers Exploit New Vulnerabilities in Under Two Hours
The Zero Day Clock website visualizes the speed at which vulnerabilities are exploited. Data reveals that attackers can now exploit recently disclosed vulnerabilities in an average of less than two hours.

Security experts are increasingly referencing the Zero Day Clock website, which provides real-time data on how quickly cyberattackers begin exploiting security vulnerabilities after their public disclosure. The site aims to illustrate a rapidly accelerating threat trend, with recent data indicating that attackers can now exploit newly disclosed vulnerabilities in an average of less than two hours.
The Zero Day Clock project was initiated by Sergej Epp, Chief Information Security Officer (CISO) at Sysdig. It aggregates threat intelligence from sources including CISA's Known Exploited Vulnerabilities (KEV) catalog and VulnCheck, analyzing over 3,500 actual vulnerability exploitation events. The platform visualizes the evolving efficiency of attackers in real-time.
A key metric tracked is the "Time-to-Exploit" (TTE)—the duration from a vulnerability's public disclosure to its first documented exploitation. Since 2018, this window has been rapidly shrinking. In 2025, vulnerabilities were exploited on average after 21.5 days. As of July 5, 2026, the average TTE has fallen to under two hours.
Epp stated that the project's goal is to provide organizations, security teams, researchers, and policymakers with a clear understanding of this trend. The shrinking exploitation window necessitates that companies reassess their vulnerability response, patch management, and threat monitoring strategies to mitigate the risk of significant losses from cyberattacks.