Zero-day exploitation directed at enterprise technology products hit a record high in 2025, according to the Google Threat Intelligence Group (GTIG). This increase highlights a concerning trend in cyber-espionage, particularly from groups linked to China.
Record Number of Zero-Days
GTIG tracked a total of 90 zero-day vulnerabilities exploited last year, with 43 of these affecting enterprise software and appliances. This represents 48 percent of all tracked zero-day attacks, a rise from 36 (46 percent) in 2024. While the overall number of zero-days increased from 78 in 2024, it remains below the peak of 100 recorded in 2023.
Focus on Enterprise and Edge Devices
Security and networking devices were particularly vulnerable, accounting for nearly half of the enterprise-related zero-days, with 21 instances. Additionally, 14 zero-days affected edge devices, such as routers and switches. GTIG noted that this figure might underrepresent the actual scale of exploitation, as many edge devices lack endpoint security tools, making them attractive targets for attackers.
Attribution of Exploits
Most of the enterprise attacks appear to be related to espionage, with China-linked groups identified as the primary offenders. GTIG’s analysis indicated that 42 of the 90 zero-days could be attributed to specific groups, including 15 exploited by commercial surveillance vendors (CSVs) and 12 by state-sponsored espionage groups, with seven attributed to China. Notably, this marks the first time GTIG attributed more zero-days to CSVs than to traditional government-backed groups.
Implications for Security
The report underscores the growing threat posed by both state-sponsored and commercial surveillance groups in the realm of zero-day exploitation. As cyber espionage continues to evolve, the targeting of technology companies for intellectual property theft raises concerns about the future of enterprise security. Microsoft, Google, and Apple were the most affected vendors, with Microsoft experiencing the highest number of total zero-days exploited in 2025.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.
