"Historically, traditional state-sponsored cyber espionage groups have been the most prolific attributed users of zero-day vulnerabilities. [But] over the last few years, the increase of zero-day exploitation attributed to CSVs and their customers has demonstrated the growing ability of these vendors to provide zero-day access to a wider range of threat actors than ever before."
"GTIG has reported extensively on the capabilities CSVs provide their clients, as well as how many CSV customers use zero-day exploits in attacks which erode civil liberties and human rights. In late 2025, we reported on how Intellexa, a prolific procurer and user of zero-days, adapted its operations and tool suite and continues to deliver extremely capable spyware to high paying customers."
"Of 42 unique zero-days it tracked in 2025, it was able to firmly attribute first exploitation of 15 to commercial surveillance vendors (CSVs), compared with 12 that were first exploited by nation-states - seven by China, and nine by financially motivated cyber criminals."
Google Threat Intelligence Group tracked 42 unique zero-day vulnerabilities in 2025, finding that commercial surveillance vendors (CSVs) exploited 15 of them first, exceeding nation-state actors who exploited 12. Nation-state exploitations included seven by China and nine by financially motivated cybercriminals. The report notes three additional zero-days likely exploited by China and one possibly involving both cybercriminals and nation-states. Despite CSVs improving operational security to hide unethical activities, their zero-day exploitation has grown significantly over recent years. Historically, state-sponsored groups dominated zero-day usage, but CSVs now provide zero-day access to diverse threat actors, enabling attacks that undermine civil liberties and human rights. Intellexa exemplifies this trend, adapting operations to deliver advanced spyware to high-paying customers.
#zero-day-vulnerabilities #commercial-spyware-vendors #cyber-threat-intelligence #nation-state-actors #cybersecurity-threats
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]