Half of 2025’s Zero-Day Exploits Target Businesses: Google

Half of 2025’s Zero-Day Exploits Target Businesses: Google

Posted on By CWS

Google’s Threat Intelligence Group (GTIG) unveiled critical findings on Thursday, revealing that in 2025, 90 zero-day vulnerabilities were exploited, with a significant portion targeting enterprise environments. This marks a growing trend in cyber threats facing businesses.

Rising Number of Zero-Days

The report highlighted a rise in zero-day vulnerabilities, increasing from 78 in 2024 to 90 in 2025. Notably, Microsoft was the leading source with 25 zero-days, followed by Google with 11, Apple with 8, and Cisco with 4. This highlights a persistent challenge in securing software across major tech companies.

Operating systems, both mobile and desktop, were heavily targeted, accounting for 44% of exploits in 2025, up from 40% the previous year. Mobile devices, in particular, saw a rise in zero-day vulnerabilities from 9 in 2024 to 15 in 2025, with multiple flaws often combined to achieve specific objectives.

Shifts in Exploit Attribution

In a significant development, commercial surveillance vendors (CSV) were identified as major actors for the first time, exploiting 15 zero-days. Additionally, 42 of the zero-days were attributed to specific threat actors, with state-sponsored groups, especially those linked to China, accounting for 12 exploits.

Google’s report emphasized ongoing activity from Chinese groups, such as UNC5221 and UNC3886, which target security appliances and edge devices to maintain access to strategic objectives. This persistence underscores the geopolitical dimensions of cybersecurity threats.

Enterprise Technologies Under Siege

Nearly half of the zero-day exploits in 2025 impacted enterprise technologies, marking an unprecedented level of targeting. Attacks frequently focused on networking and cybersecurity devices to establish initial access points.

The report warned of the risks posed by compromised edge infrastructure and the broader implications for interconnected enterprise platforms. Google anticipates that artificial intelligence (AI) will play a dual role in 2026, aiding both attackers in developing exploits and defenders in identifying and neutralizing threats.

For further insights and detailed analysis, Google’s comprehensive report provides an extensive overview of these evolving threats.

Related topics include the discovery of the nation-state iOS exploit kit ‘Coruna’ and ongoing vulnerabilities in Cisco’s SD-WAN products.

Security Week News Tags:, , , , , , , , , ,

Related Posts

CISA: CVE Program to Focus on Vulnerability Data Quality CISA: CVE Program to Focus on Vulnerability Data Quality Security Week News
Mesh Security Raises Million for CSMA Platform Mesh Security Raises $12 Million for CSMA Platform Security Week News
Vulnerability in Totolink Range Extender Allows Device Takeover Vulnerability in Totolink Range Extender Allows Device Takeover Security Week News
Hirundo Raises Million to Eliminate AI’s Bad Behavior Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior Security Week News
UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? Security Week News
Victoria’s Secret Says It Will Postpone Earnings Report After Recent Security Breach Victoria’s Secret Says It Will Postpone Earnings Report After Recent Security Breach Security Week News