{"id":4739,"date":"2026-03-06T15:36:44","date_gmt":"2026-03-06T15:36:44","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/03\/06\/zero-day-attacks-on-enterprise-software-reach-record-high-google-warns\/"},"modified":"2026-03-06T15:36:44","modified_gmt":"2026-03-06T15:36:44","slug":"zero-day-attacks-on-enterprise-software-reach-record-high-google-warns","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/03\/06\/zero-day-attacks-on-enterprise-software-reach-record-high-google-warns\/","title":{"rendered":"Zero\u2011Day Attacks on Enterprise Software Reach Record High, Google Warns"},"content":{"rendered":"<div id=\"cphContent_pnlMainContent\">\n<h2>Written by<\/h2>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/localimages\/cb531640-ce34-4e47-96c8-4a9f811ec92a.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Danny  Palmer \" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-af739656-b6e9-426d-9e0b-88ca21f75e6f\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The number of zero-day vulnerabilities uncovered in enterprise software and appliances reached an all-time high last year, analysis by Google Threat Intelligence Group (GTIG) has warned.<\/p>\n<p>In the report, released on March 5, GTIG said it tracked 90 zero-day vulnerabilities which were actively deployed by cyber attackers during 2025. Google defined a zero-day as \u201ca vulnerability that was maliciously exploited in the wild before a patch was made publicly available.\u201d<\/p>\n<p>These findings are higher than the 78 zero-days tracked during 2024 but lower than the record-high of 100 zero days tracked in 2023.<\/p>\n<p>Google has also warned that the way attackers use zero-days is changing and that enterprise technology is the new primary target for exploitation. 
43 (48%) of zero-days identified during 2025 targeted enterprise software and appliances, up from 36 (46%) in 2024.<\/p>\n<p>GTIG said that the increase \u201cunderscores the shift toward enterprise infrastructure as a structural change in the threat landscape, reflecting the value of tools that enable privilege escalation, high-level access and broad scale of impact.\u201d<\/p>\n<h2><strong>Attackers Target Security and Networking Appliances <\/strong><\/h2>\n<p>Of those zero-day exploits\u00a0which targeted enterprise, almost half (21) targeted security and networking solutions. They are a prominent target for attackers, because if a zero-day in the technology can be exploited, it is useful for code execution and unauthorized access to the wider network via privileged infrastructure components.<\/p>\n<p>In addition to this, security and networking appliances, including routers, switches and security appliances, often sit at the edge of the network, which can be overlooked by defenders. 
Attackers know this, which is why they target edge devices as they increasingly look to exploit zero-days in enterprise products.<\/p>\n<p>\u201cHigh-profile exploitation of enterprise tools and virtualization technologies demonstrate that attackers are deeply embedding themselves in critical business infrastructure,\u201d said GTIG.<\/p>\n<\/p><\/div>\n<figure id=\"layout-6686ccf5-66a5-4079-8511-cabbdfd0a68e\" data-layout-id=\"4\" data-edit-folder-name=\"image\" data-index=\"1\"><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/localimages\/e5f5022d-97e8-453a-baa9-8d935cfae3a3.jpg\" alt=\"Source: Google Threat Intelligence Group\"><figcaption>Source: Google Threat Intelligence Group<\/figcaption><\/figure>\n<div id=\"layout-92771896-9e0c-44fd-9bf6-a983435fe1d0\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"2\">\n<p>While targeting of enterprise applications is on the rise, for now, end users remain the most common target for zero-day exploitation, although the gap is closing. \u00a0In 2025, 52% (47) of the tracked zero-days were used to exploit end-user platforms and products.<\/p>\n<p>Of these, operating systems were the most targeted end-user product accounting for 24 (27%) of the tracked zero-days. 
The operating system most targeted by zero-days was Microsoft Windows.<\/p>\n<h2><strong>Browser-Based Zero-Days Reach \u2018Historic\u2019 Low<\/strong><\/h2>\n<p>The report pointed out that mobile operating systems saw a \u201cnotable\u201d increase in targeting during 2025, with a total of 15 zero days in 2025 compared to the nine identified in 2024.<\/p>\n<p>Meanwhile, the number of browser-based zero-day vulnerabilities tracked during the period dropped to eight (9%) in what Google described as a \u201chistorical low.\u201d<\/p>\n<p>While one reason for this is that browsers are better secured than they were previously, GTIG also suggested that attackers\u2019 operational security has improved, which has made their activity more difficult to track, potentially reducing the volume of observed exploitation in this space.<\/p>\n<p>The report also noted that during 2025, nine zero-days were linked to attacks by financially motivated threat groups, including two ransomware operations. This figure is nearly double the five zero-days attributed\u00a0to financially motivated threat actors in 2024.<\/p>\n<p>The report concluded that as the ongoing use of zero-day vulnerabilities by nation-state backed hacking operations &#8211; particularly those operating out of China &#8211; cybercriminal groups and others continues, defenders should be prepared for when, not if, they are targeted.<\/p>\n<p>\u201cSystem architectures should be designed and built with ingrained security awareness, enabling inherent segmentation and least privilege access. 
\u00a0Comprehensive defensive measures as well as response efforts require a real-time inventory of all assets to be audited and maintained,\u201d said Google.<\/p>\n<p>\u201cWhile not preventative, continuous monitoring and anomaly detection, within both systems and networks, paired with refined and actionable alerting capabilities is a real-time way to detect and act against threats as they occur,\u201d the company added.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Written by The number of zero-day vulnerabilities uncovered in enterprise software and appliances reached an all-time high last year, analysis by Google Threat Intelligence Group (GTIG) has warned. In the report, released on March 5, GTIG said it tracked 90 zero-day vulnerabilities which were actively deployed by cyber attackers during 2025. Google defined a zero-day<\/p>\n","protected":false},"author":2,"featured_media":4740,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4739","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4df
b5.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4739-2f996e17-e1c2-401f-97dc-38215ac4dfb5-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4739","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4739"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4739\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4740"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4739"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4739"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/i
ndex.php\/wp-json\/wp\/v2\/tags?post=4739"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}