world politics tech business tabloid sports science health entertainment lifestyle food travel gaming

Why did Google report 90 zero-day exploits in 2025?

A sharp rise in active exploitation and what it signals

Security telemetry from Google’s Threat Intelligence Group showed a notable increase in zero‑day exploits last year, with the company tracking 90 distinct vulnerabilities actively used in attacks. That number rose from 78 the prior year, and the pattern of abuse highlights shifting attacker priorities and the widening stakes for enterprise security.

What the data shows

  • Attack sources: Commercial spyware vendors and groups linked to China were major drivers of the observed exploitation activity, indicating both mercenary surveillance markets and nation‑state operations are heavily leveraging zero‑days.
  • Enterprise targeting: Roughly half of the recorded zero‑day incidents hit enterprise software and infrastructure, rather than consumer apps, suggesting adversaries focus on broader access and long‑term footholds.
  • Mobile threats: Multiple reports tied advanced iOS exploitation frameworks to widescale campaigns, including toolkits capable of compromising thousands of devices.

Why this matters

  • Defensive burden: Organizations must accelerate patching, implement layered detection, and assume that well‑resourced adversaries will find and weaponize unknown flaws.
  • Policy and disclosure: The rise in commercial spyware misuse has renewed calls for tighter regulation, vendor responsibility in secure coding, and better public‑private sharing of exploit telemetry.
  • Future risks: Google warned that evolving technologies, including AI, could change attacker and defender dynamics—speeding exploit discovery or automating exploit chains—making proactive vulnerability management more urgent.

What to watch next

  • Patch advisories from vendors and any emergency mitigations from agencies like CISA.
  • Investigations linking specific exploit kits to sellers and state proxies.
  • How industry adapts with threat hunting, supply‑chain audits, and pressure on spyware markets to restrict abuse.

It remains unclear whether the trend will plateau or accelerate, but the year’s figures underscore that zero‑day exploitation is a growing, cross‑sector problem.


Curated by Humans | Summarized by Machines