Google Reports 90 Zero-Day Exploits in 2025: Enterprise Software Under Siege

· 3 min read · Verified by 2 sources ·

Key Takeaways

  • Google's Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild throughout 2025, marking a significant year for targeted attacks.
  • Notably, nearly 50% of these exploits targeted enterprise software and appliances, highlighting a shift toward high-value corporate infrastructure.

Key Intelligence

Key Facts

  1. 90 zero-day vulnerabilities were actively exploited in the wild during 2025
  2. Nearly 50% of all tracked zero-days targeted enterprise software and appliances
  3. The data was compiled and reported by the Google Threat Intelligence Group (GTIG)
  4. Enterprise edge devices like VPNs and firewalls are increasingly targeted due to lack of EDR visibility
  5. The shift indicates a strategic pivot by attackers from consumer devices to corporate infrastructure

Who's Affected

  • Enterprise Software Vendors (company): Negative
  • Google Threat Intelligence Group (company): Positive
  • State-Sponsored Actors (person): Positive

Analysis

The cybersecurity landscape in 2025 was defined by a relentless pursuit of zero-day vulnerabilities, with the Google Threat Intelligence Group (GTIG) documenting 90 such flaws exploited in active attacks. This volume underscores a persistent reality: despite advancements in secure coding and automated testing, sophisticated adversaries continue to find and weaponize unknown gaps in software at a steady clip. The most alarming trend within this data is the pivot toward enterprise software and edge appliances, which accounted for nearly half of the year's zero-day activity. This shift marks a strategic evolution for both state-sponsored actors and high-tier cybercriminal syndicates who are moving away from the well-defended consumer perimeter.

Enterprise appliances, such as VPN gateways, firewalls, and load balancers, have become the preferred entry point for modern threat actors. These devices often sit outside the traditional security stack, frequently lacking the endpoint detection and response (EDR) capabilities that protect workstations and servers. Because they operate with high privileges and provide direct access to internal networks, a single zero-day in an edge appliance can grant an attacker 'god-mode' access to an entire organization. Google’s findings suggest that attackers are increasingly investing in the research required to break these specialized systems, recognizing that the lack of visibility on these platforms allows for longer dwell times and more effective lateral movement.

This trend also reflects the maturing defensive posture of consumer platforms like Chrome and Android. While these remain targets, the 'cost per exploit' has risen significantly due to sandboxing, memory safety improvements, and rapid patching cycles. In contrast, the enterprise sector often struggles with a 'patching gap'—the time between a vendor releasing a fix and an organization deploying it across a complex, global infrastructure. For attackers, the ROI on an enterprise zero-day is currently higher than a consumer-facing one, as it facilitates high-stakes corporate espionage and large-scale ransomware operations.

What to Watch

Google's role in tracking these vulnerabilities is not merely academic; it is a core component of its broader threat intelligence strategy. By leveraging its visibility across the web, mobile ecosystems, and cloud infrastructure, GTIG can identify exploitation patterns that smaller organizations might miss. This 'herd immunity' effect is critical, as Google often shares these findings with competitors and the broader security community to trigger industry-wide responses. However, the report serves as a stark warning that the defense-in-depth model must be extended to include more rigorous monitoring of the enterprise edge.

Looking ahead, the industry should expect the volume of zero-day exploits to remain high, potentially fueled by AI-assisted vulnerability research. As attackers automate the discovery of memory corruption and logic flaws, defenders must counter with equally automated response mechanisms. The focus for 2026 will likely be on 'secure-by-design' initiatives for enterprise hardware and the adoption of zero-trust architectures that assume the perimeter has already been breached via an unpatched zero-day. For now, the 2025 data confirms that the enterprise edge is the new frontline of the global cyber conflict.

Sources

Based on 2 source articles
