Attacker activity precedes the public disclosure of a new vulnerability in edge devices and its Common Vulnerabilities and Exposures (CVE) number in 80% of cases. This pre-disclosure activity can precede the CVE disclosure by up to six weeks.