Half of 2025’s Zero-Day Exploits Target Businesses: Google

Half of 2025’s Zero-Day Exploits Target Businesses: Google

Posted on By CWS

Google’s Threat Intelligence Group (GTIG) unveiled critical findings on Thursday, revealing that in 2025, 90 zero-day vulnerabilities were exploited, with a significant portion targeting enterprise environments. This marks a growing trend in cyber threats facing businesses.

Rising Number of Zero-Days

The report highlighted a rise in zero-day vulnerabilities, increasing from 78 in 2024 to 90 in 2025. Notably, Microsoft was the leading source with 25 zero-days, followed by Google with 11, Apple with 8, and Cisco with 4. This highlights a persistent challenge in securing software across major tech companies.

Operating systems, both mobile and desktop, were heavily targeted, accounting for 44% of exploits in 2025, up from 40% the previous year. Mobile devices, in particular, saw a rise in zero-day vulnerabilities from 9 in 2024 to 15 in 2025, with multiple flaws often combined to achieve specific objectives.

Shifts in Exploit Attribution

In a significant development, commercial surveillance vendors (CSV) were identified as major actors for the first time, exploiting 15 zero-days. Additionally, 42 of the zero-days were attributed to specific threat actors, with state-sponsored groups, especially those linked to China, accounting for 12 exploits.

Google’s report emphasized ongoing activity from Chinese groups, such as UNC5221 and UNC3886, which target security appliances and edge devices to maintain access to strategic objectives. This persistence underscores the geopolitical dimensions of cybersecurity threats.

Enterprise Technologies Under Siege

Nearly half of the zero-day exploits in 2025 impacted enterprise technologies, marking an unprecedented level of targeting. Attacks frequently focused on networking and cybersecurity devices to establish initial access points.

The report warned of the risks posed by compromised edge infrastructure and the broader implications for interconnected enterprise platforms. Google anticipates that artificial intelligence (AI) will play a dual role in 2026, aiding both attackers in developing exploits and defenders in identifying and neutralizing threats.

For further insights and detailed analysis, Google’s comprehensive report provides an extensive overview of these evolving threats.

Related topics include the discovery of the nation-state iOS exploit kit ‘Coruna’ and ongoing vulnerabilities in Cisco’s SD-WAN products.

Security Week News Tags:, , , , , , , , , ,

Related Posts

42,000 Impacted by Ingram Micro Ransomware Attack 42,000 Impacted by Ingram Micro Ransomware Attack Security Week News
Saporo Raises Million for Identity Security Platform Saporo Raises $8 Million for Identity Security Platform Security Week News
Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks Security Week News
SonicWall Patches Exploited SMA 1000 Zero-Day SonicWall Patches Exploited SMA 1000 Zero-Day Security Week News
In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring Security Week News
Discord Says User Information Stolen in Third-Party Data Breach Discord Says User Information Stolen in Third-Party Data Breach Security Week News