Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead. The post Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises appeared first on SecurityWeek.
Google’s Threat Intelligence Group (GTIG) reported on Thursday that 90 zero-day vulnerabilities were exploited in the wild in 2025, and an increasing percentage were aimed at enterprises.
In comparison, the company tracked 78 zero-days in 2024 and 100 in the previous year.
In 2025, Microsoft accounted for 25 of the zero-days, followed by Google (11), Apple (8), and Cisco (4).
Source: https://www.securityweek.com/google-half-of-2025s-90-exploited-zero-days-aimed-at-enterprises/
Related breach coverage
- Android Zero-Days Patched in December 2025 Security Update2025-12-02
Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. The post Android Zero-Days Patched in December 2025 Security Update appeared first on SecurityWeek.
- Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon2025-11-13
Amazon has seen a threat actor exploiting CVE-2025-20337 and CVE-2025-5777, two critical Cisco and Citrix vulnerabilities, as zero-days. The post Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon appeared first on SecurityWeek.
- Chrome 142 Update Patches Exploited Zero-Day2025-11-18
The flaw was reported by Google's Threat Analysis Group and was likely exploited by a commercial spyware vendor. The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek.
- Landfall Android Spyware Targeted Samsung Phones via Zero-Day2025-11-07
Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East. The post Landfall Android Spyware Targeted Samsung Phones via Zero-Day appeared first on SecurityWeek.