Google's Threat Intelligence Group (TIG) has issued a stark warning: zero-day vulnerability exploitation escalated significantly in 2025, with attackers increasingly focusing on enterprise infrastructure and security appliances. This marks a shift from targeting traditional consumer software.

Google TIG's annual report tracked 90 zero-day vulnerabilities throughout 2025. Of these, 43 targeted enterprise software, including networking devices and security appliances, accounting for roughly half of the total. Operating systems remained the most exploited category at 44%, with a notable increase in mobile device exploitation.

The report highlights a significant trend: commercial surveillance vendors are now responsible for more attributed zero-day exploitation than traditional state-sponsored espionage groups. These vendors develop and sell advanced exploit capabilities to government clients, seeking to broaden access to hacking tools.

Despite this shift, state-sponsored operations, particularly from alleged Chinese government-aligned groups, continued to dominate traditional exploitation, frequently targeting edge devices and security infrastructure for long-term network access.

Looking ahead, Google TIG warns that artificial intelligence could accelerate zero-day activity, with attackers leveraging AI for automated reconnaissance, vulnerability discovery, and exploit development.

The report urges defenders to prioritize proactive defenses, designing systems with inherent segmentation and least-privilege access. Continuous monitoring, anomaly detection, and actionable alerting are crucial for real-time threat detection and response.