Before Cisco disclosed a CVSS 10.0 zero-day, GreyNoise sensors observed eight surges of targeting activity compressing from 39 days to 2 days. That countdown pattern repeated across 33 CVEs and 16 vendor families, with a median lead time of 11 days — confirmed by rigorous statistical testing.

You'll learn:

• How countdown compression works — and what a third surge in a tightening sequence means for your patch queue
• Which infrastructure patterns signal imminent disclosure — 11 ASNs across 3+ vendors, concentrated hosting cutting lead time from 21 days to 7.5
• Why session volume is the primary signal, how IP count qualifies it, and what that means for detection engineering

Who should attend:

• Vulnerability management teams looking for a new input to patch staging — beyond CVSS and disclosure date
• Threat intelligence analysts building collection priorities around cross-vendor infrastructure patterns
• Security leaders evaluating whether sensor data can close the gap Mandiant identified in M-Trends 2026

Speakers