Rapid7 report shows vulnerability exploitation overtakes social engineering as top attack entry point

PUBT·05/21/2026 13:06:59
  • Rapid7’s Q1 2026 Threat Landscape Report flagged vulnerability exploitation as the top initial access vector, representing 38% of incident response cases, ahead of social engineering at 24%.
  • Half of actively exploited vulnerabilities were zero-click, network-facing flaws, accelerating compromise of exposed systems without user interaction.
  • The median time from public disclosure to inclusion in CISA’s Known Exploited Vulnerabilities catalog fell to 5 days from 8.5 days for high- and critical-severity issues, tightening patching and remediation timelines.
  • SQL injection ranked as the most exploited vulnerability type, displacing OS command injection as attackers focused on common web application weaknesses.
  • Ransomware leak-site activity stayed fragmented, led by Qilin with 357 posts, followed by The Gentlemen with 206, then Akira with 174.


Disclaimer: This news brief was created by Public Technologies (PUBT) using generative artificial intelligence. While PUBT strives to provide accurate and timely information, this AI-generated content is for informational purposes only and should not be interpreted as financial, investment, or legal advice. Rapid7 Inc. published the original content used to generate this news brief via GlobeNewswire (Ref. ID: 202605210900PRIMZONEFULLFEED9724036) on May 21, 2026, and is solely responsible for the information contained therein.