"In total, they documented 90 zero-day vulnerabilities that were actively exploited last year. That number is higher than in 2024, when 78 were identified, but remains below the record of 100 set in 2023. Although attacks on end-user products are still slightly more common, the report points to a shift toward enterprise technology."
"Security and network equipment were hit the hardest. A total of 21 of the enterprise-related zero-days related to these systems. In addition, fourteen vulnerabilities affected so-called edge devices, such as routers, switches, and gateways. This type of infrastructure is an attractive target because successful exploitation often provides access to broader corporate networks."
"Of the ninety zero-days, Google was able to attribute 42 to specific types of attackers. Fifteen of these were used by commercial spyware companies, with another three cases likely attributable to such parties. Twelve exploits were linked to state-sponsored espionage groups, seven of which originated in China."
Zero-day vulnerability exploits hit record levels in 2025 with 90 documented cases, surpassing 2024's 78 but remaining below 2023's peak of 100. A significant shift toward enterprise technology occurred, with 43 zero-days exploited in enterprise software and appliances representing 48 percent of attacks. Security and network equipment faced the heaviest targeting with 21 enterprise-related zero-days, while edge devices like routers and switches accounted for 14 vulnerabilities. These infrastructure targets are particularly attractive because successful exploitation provides access to broader corporate networks. Chinese cyber espionage groups emerged as the most active state actors, while commercial spyware companies played an increasingly significant role in exploitation activities.
#zero-day-vulnerabilities #enterprise-security-threats #chinese-cyber-espionage #commercial-spyware #network-infrastructure-attacks
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]