new cybersecurity report from Google reveals that 90 zero-day vulnerabilities were actively exploited in 2025, with almost half of them targeting enterprise technologies. The findings highlight a growing shift among cybercriminals and state-backed hackers toward attacking corporate infrastructure rather than consumer platforms.
The analysis was released by Google’s Google Threat Intelligence Group, which tracks emerging cyber threats worldwide.
Zero-Day Attacks Remain a Major Threat
A zero-day vulnerability refers to a software flaw that is exploited by attackers before developers have time to release a security patch. These vulnerabilities are highly valuable to hackers because they allow immediate access to systems without existing defenses.
According to the report, the number of exploited zero-days fluctuated slightly over the past few years:
- 2025: 90 vulnerabilities discovered
- 2024: 78 vulnerabilities
- 2023: 100 vulnerabilities
Although the total dropped compared to 2023, researchers noted that the targets and complexity of attacks are evolving rapidly.
Major Technology Companies Most Affected
Several major technology vendors saw their products targeted by zero-day exploits in 2025.
The report identified the following distribution:
- Microsoft — 25 vulnerabilities
- Google — 11 vulnerabilities
- Apple — 8 vulnerabilities
- Cisco — 4 vulnerabilities
Operating systems, including both desktop and mobile platforms, remained the most frequently targeted category, accounting for 44% of all zero-day attacks in 2025, up from 40% in 2024.
Mobile and Browser Attack Trends
The number of mobile device exploits increased noticeably, rising from nine vulnerabilities in 2024 to fifteen in 2025. Researchers observed that attackers often combine multiple vulnerabilities in a chain to achieve full system access.
In contrast, the number of browser-based zero-day attacks continued to decline. While this may indicate stronger browser security protections, experts warn it could also mean that modern attacks are becoming more advanced and harder to detect.
Spyware Vendors and Nation-State Hackers Behind Many Attacks
Out of the 90 exploited vulnerabilities, researchers were able to attribute 42 attacks to specific threat actors.
For the first time, commercial spyware developers emerged as the largest group behind zero-day exploitation, using 15 vulnerabilities. Three additional vulnerabilities were also believed to be linked to these surveillance vendors.
State-sponsored cyber-espionage groups accounted for 12 confirmed exploits, with three more suspected cases.
A significant portion of these attacks were linked to hacking groups connected to China. According to Google’s researchers, Chinese-linked cyber units have consistently remained among the most active users of zero-day vulnerabilities globally.
Some of these groups focus heavily on compromising security appliances and network edge devices to maintain long-term access to strategic targets.
Enterprises Increasingly Under Attack
One of the most striking findings from the report is the surge in attacks targeting enterprise technologies.
In 2025, 43 zero-day vulnerabilities impacted enterprise systems, representing nearly half of all recorded exploits—the highest level ever tracked by Google.
Many attacks targeted:
- Network infrastructure devices
- Security appliances
- Enterprise software platforms
By exploiting these systems, attackers can gain privileged access to entire networks and sensitive corporate data.
Researchers warn that the compromise of trusted network infrastructure poses a particularly serious risk because these systems often control large volumes of data and internal communications.
Artificial Intelligence Set to Shape Cybersecurity in 2026
The report also predicts that artificial intelligence will play a larger role in cybersecurity battles in 2026.
Threat actors may use AI tools to accelerate vulnerability discovery and develop new exploits faster. However, security teams can also leverage AI to detect unknown vulnerabilities earlier and strengthen defensive operations.
Experts say the evolving cyber threat landscape means organizations must continue investing in proactive security measures to stay ahead of increasingly sophisticated attacks.
