GOOGLE’S Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024 and trailing the roughly 100 seen in 2023. Nearly half of the flaws targeted enterprise technologies, with 43 (48%) focused on enterprise systems, marking a record share and a shift towards corporate infrastructure.
Edge devices such as routers and security appliances remained prime targets, while 47 zero-days (52%) targeted end-user platforms and operating systems were the most exploited category with 39 flaws. Mobile OS exploits rose to 15 cases, and browsers accounted for less than 10% of zero-day activity.
According to Google, nation-state actors mainly targeted edge devices and security appliances, while commercial surveillance vendors were the most active users of zero-day exploits in 2025, with firms such as Intellexa continuing to sell spyware to government clients. The report also notes attackers increasingly employ longer exploit chains and target lower levels of access within a single capability, and expects AI to accelerate vulnerability discovery and exploit development in 2026.