
"Google Threat Intelligence Group tracked 43 zero-days in enterprise software and appliances in 2025, representing 48 percent of all attacks against these previously undisclosed bugs. That's up from 36 (46 percent) in 2024. In total, the Chocolate Factory documented 90 zero-day vulnerabilities actively exploited last year, which is more than 2024's number (78), but still not as many as 2023's record high of 100."
"Security and networking devices were the hardest hit, comprising nearly half (21) of the enterprise-related zero-days last year. Google also noted that 14 enterprise tech zero-days in 2025 affected edge devices, such as routers, switches, and gateways, but added, 'this figure likely underrepresents the true scale of activity due to inhibited detection capabilities.'"
"Many of these edge devices don't run endpoint security tools - which is why they make very attractive targets for attackers. Most of these enterprise attacks appear to be espionage related, and China-linked groups are the biggest offenders, Google's security sleuths told The Register."
"'Of the exploitation we were able to attribute, we identified a higher proportion of traditional state-sponsored espionage groups compared to CSVs or cybercrime groups,' cyber threat intelligence analyst James Sadowski said. This is noteworthy because in 2025, for the first time since they started tracking zero-day exploits, Google's threat intel group attributed more zero-days to CSVs than they did to traditional government-backed cyber snoops."
Google Threat Intelligence tracked 43 zero-day vulnerabilities in enterprise software and appliances during 2025, representing 48 percent of all zero-day exploits—an increase from 36 in 2024. Overall, 90 zero-day vulnerabilities were actively exploited in 2025, up from 78 in 2024. Security and networking devices comprised nearly half of enterprise-related zero-days, while 14 affected edge devices like routers and switches. Edge devices remain particularly vulnerable because they typically lack endpoint security tools. Most enterprise attacks appear espionage-related, with China-linked groups being the primary perpetrators. Notably, 2025 marked the first year Google attributed more zero-days to commercial surveillance vendors than to traditional government-backed cyber groups.
#zero-day-vulnerabilities #enterprise-security #state-sponsored-cyber-espionage #edge-device-exploitation #china-linked-threat-actors
Read at Theregister