Half of 2025’s Zero-Day Exploits Target Businesses: Google

Half of 2025’s Zero-Day Exploits Target Businesses: Google

Posted on By CWS

Google’s Threat Intelligence Group (GTIG) unveiled critical findings on Thursday, revealing that in 2025, 90 zero-day vulnerabilities were exploited, with a significant portion targeting enterprise environments. This marks a growing trend in cyber threats facing businesses.

Rising Number of Zero-Days

The report highlighted a rise in zero-day vulnerabilities, increasing from 78 in 2024 to 90 in 2025. Notably, Microsoft was the leading source with 25 zero-days, followed by Google with 11, Apple with 8, and Cisco with 4. This highlights a persistent challenge in securing software across major tech companies.

Operating systems, both mobile and desktop, were heavily targeted, accounting for 44% of exploits in 2025, up from 40% the previous year. Mobile devices, in particular, saw a rise in zero-day vulnerabilities from 9 in 2024 to 15 in 2025, with multiple flaws often combined to achieve specific objectives.

Shifts in Exploit Attribution

In a significant development, commercial surveillance vendors (CSV) were identified as major actors for the first time, exploiting 15 zero-days. Additionally, 42 of the zero-days were attributed to specific threat actors, with state-sponsored groups, especially those linked to China, accounting for 12 exploits.

Google’s report emphasized ongoing activity from Chinese groups, such as UNC5221 and UNC3886, which target security appliances and edge devices to maintain access to strategic objectives. This persistence underscores the geopolitical dimensions of cybersecurity threats.

Enterprise Technologies Under Siege

Nearly half of the zero-day exploits in 2025 impacted enterprise technologies, marking an unprecedented level of targeting. Attacks frequently focused on networking and cybersecurity devices to establish initial access points.

The report warned of the risks posed by compromised edge infrastructure and the broader implications for interconnected enterprise platforms. Google anticipates that artificial intelligence (AI) will play a dual role in 2026, aiding both attackers in developing exploits and defenders in identifying and neutralizing threats.

For further insights and detailed analysis, Google’s comprehensive report provides an extensive overview of these evolving threats.

Related topics include the discovery of the nation-state iOS exploit kit ‘Coruna’ and ongoing vulnerabilities in Cisco’s SD-WAN products.

Security Week News Tags:, , , , , , , , , ,

Related Posts

Severe FreeScout Bug Threatens Server Security Severe FreeScout Bug Threatens Server Security Security Week News
Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns Security Week News
Oracle Issues Critical Patch for Identity Manager Security Flaw Oracle Issues Critical Patch for Identity Manager Security Flaw Security Week News
Latest Android Update Fixes Zero-Day and 123 Vulnerabilities Latest Android Update Fixes Zero-Day and 123 Vulnerabilities Security Week News
Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People Myanmar Military Shuts Down Major Cybercrime Center and Detains Over 2,000 People Security Week News
Arkanix Stealer Malware Ceases Operations Quickly Arkanix Stealer Malware Ceases Operations Quickly Security Week News