Google’s Threat Intelligence Group (GTIG) reported on Thursday that 90 zero-day vulnerabilities were exploited in 2025, with a significant portion targeting enterprise environments. The findings point to a growing trend in the cyber threats facing businesses.
Rising Number of Zero-Days
The report recorded a rise in exploited zero-day vulnerabilities, from 78 in 2024 to 90 in 2025. Microsoft was the leading source with 25 zero-days, followed by Google with 11, Apple with 8, and Cisco with 4. The spread reflects a persistent challenge in securing software across major tech companies.
Operating systems, both mobile and desktop, were heavily targeted, accounting for 44% of exploits in 2025, up from 40% the previous year. Mobile devices, in particular, saw a rise in zero-day vulnerabilities from 9 in 2024 to 15 in 2025, with multiple flaws often combined to achieve specific objectives.
Shifts in Exploit Attribution
In a significant development, commercial surveillance vendors (CSVs) were identified as major actors for the first time, exploiting 15 zero-days. Additionally, 42 of the zero-days were attributed to specific threat actors, with state-sponsored groups, especially those linked to China, accounting for 12 exploits.
Google’s report emphasized ongoing activity from Chinese groups, such as UNC5221 and UNC3886, which target security appliances and edge devices to maintain access to strategic objectives. This persistence underscores the geopolitical dimensions of cybersecurity threats.
Enterprise Technologies Under Siege
Nearly half of the zero-day exploits in 2025 impacted enterprise technologies, marking an unprecedented level of targeting. Attacks frequently focused on networking and cybersecurity devices to establish initial access points.
The report warned of the risks posed by compromised edge infrastructure and the broader implications for interconnected enterprise platforms. Google anticipates that artificial intelligence (AI) will play a dual role in 2026, aiding both attackers in developing exploits and defenders in identifying and neutralizing threats.
For further insights and detailed analysis, Google’s comprehensive report provides an extensive overview of these evolving threats.
