

The CVE countdown clock. [Research Saturday]
21 snips Aug 16, 2025
Bob Rudis, VP of Data Science at GreyNoise, shares fascinating insights into how early warning signals can indicate impending vulnerabilities in cybersecurity. He reveals that spikes in malicious activity against technologies like VPNs often occur weeks before new CVEs are disclosed. The discussion highlights a critical six-week window for defenders to react. Rudis provides actionable strategies for recognizing these patterns and emphasizes the importance of intuition in threat analysis, showcasing how gut feelings can play a pivotal role even in a data-driven world.
AI Snips
From Gut Call To Systematic Study
- Bob Rudis describes repeated instances where spikes preceded serious CVEs, prompting the formal study.
- GreyNoise built a new sensor fleet and combed months of events to validate the pattern.
Six-Week Spike-to-CVE Pattern
- GreyNoise validated that scanning spikes on enterprise edge tech often precede CVE disclosures by about four to six weeks.
- They analyzed ~200 spike events across several technologies to measure this pattern.
Old-CVE Scans Used As Inventory
- Attackers often scan using older CVEs as a covert inventory technique before deploying new exploits.
- That inventory helps them identify targets and may coincide with creating exploits that later yield CVEs.