
On Thu, 8 Apr 2021 12:49:14 +1200, I wrote:
... from the moment SAP releases a security patch for its products, it only takes about 72 hours until bad hats have reverse-engineered the patch, figured out the security vulnerability it is meant to fix, and started releasing an exploit to take advantage of that vulnerability.
Here is a report <https://www.theregister.com/2021/05/19/hafnium_scans_5_mins_post_disclosure/> on a similar, if not worse, situation for Microsoft:

Attackers began scanning for vulnerabilities just five minutes after Microsoft announced there were four zero-days in Exchange Server, according to Palo Alto Networks. ...

"Computing has become so inexpensive that a would-be attacker need only spend about $10 to rent cloud computing power to do an imprecise scan of the entire internet for vulnerable systems" ...