Exploit activity surged 56%

48,174 CVEs were published in 2025, an annual total that translated to roughly 127–131 vulnerability disclosures per day. (indusface.com) The Forum of Incident Response and Security Teams (FIRST) projected a median of about 59,000 new CVEs in 2026, marking the first year the industry is expected to surpass 50,000 published CVEs. (first.org) Multiple researchers reported that known-exploited vulnerabilities (KEVs) were often weaponized on or before public disclosure, a pattern described as exploit velocity outpacing patching capacity. (cyberstrategyinstitute.com) Industry analyses cite attacker timelines showing many vulnerabilities are weaponized within about 15 days of disclosure, shrinking practical patching windows for understaffed IT teams. (pixee.ai) CISA’s Binding Operational Directive (BOD 22-01) requires Federal Civilian Executive Branch agencies to remediate KEV-listed vulnerabilities by prescribed due dates, and CISA added CVE‑2026‑33017 to the KEV catalog with a remediation deadline of April 8, 2026. (cisa.gov) The SANS Institute’s RSAC 2026 keynote on March 24, 2026 identified five “most dangerous” new attack techniques—each carrying an AI dimension—and media coverage summarized the panel’s emphasis on faster attacker development cycles. (sans.org) Education-focused MDM deployments have scaled: a vendor case study described a Maryland school district rollout covering 6,500 devices, showing MDM can centralize updates and configurations for large K‑12 fleets. (datanetworks.com) Vendors and automation vendors report that automating patch and remediation workflows can cut manual processes by roughly half, and platform vendors such as NinjaOne report managing endpoint and MDM operations for more than 20,000 customers—data points that underscore why automation is being pitched as a force-multiplier for small IT teams facing accelerating exploit volumes. (readyworks.com)