Google has released its annual zero-day report, revealing that 90 vulnerabilities were exploited in the wild before patches were released in 2025. Nearly half of these attacks targeted enterprise hardware and software, marking an all-time high. For the first time, commercial spyware vendors outpaced state actors in the annual tally of zero-day exploits.
90 Exploits, 43 Targeting Enterprises

The Google Threat Intelligence Group tracked 90 zero-day exploits in 2025, compared to 78 in 2024 and 100 in 2023. While the total number remains relatively consistent, the distribution has shifted significantly: 43 of these vulnerabilities (48%) targeted enterprise systems, a record high.
Key details:
- 21 zero-days targeted security software and network appliances
- 14 targeted edge devices like routers, VPN gateways, and firewalls
These devices are particularly vulnerable because they often lack traditional detection tools, making them attractive targets for attackers.
Spyware Vendors Outpace State Actors
Of the 42 exploits with identifiable origins:
- 15 were linked to commercial spyware companies, including NSO Group, Intellexa, and Candiru
- 12 were attributed to state-sponsored actors, including 7 connected to China
- 9 were the work of traditional cybercriminals
This marks the first time that commercial spyware vendors lead the annual zero-day ranking, surpassing state-backed actors.
Microsoft remains the most targeted vendor, followed by Google (11 exploits) and Apple (8 exploits). Exploits targeting browsers are declining, while operating system vulnerabilities are on the rise.
AI Could Accelerate Zero-Day Discovery

Google warns that this trend is likely to continue. Enterprise network devices will remain prime targets, and artificial intelligence may speed up the discovery of new vulnerabilities.
Some progress has been made: certain types of vulnerabilities are nearly eliminated thanks to ongoing security investments by software vendors. But attackers adapt quickly, now focusing on the least protected surfaces, particularly edge devices that handle sensitive traffic without supervision.
Conclusion
Tracking 90 zero-day vulnerabilities in a single year is alarming. The fact that commercial spyware vendors now surpass state actors highlights how digital espionage has become a thriving business. Enterprises must strengthen defenses, especially on network edge devices, to counter this growing threat.