IN 2025, the Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in the wild, marking a decrease from 2023's record of 100 but an increase from 2024's 78. Nearly half (48%) of these vulnerabilities targeted enterprise technologies, indicating a shift towards enterprise exploitation and a significant focus by state-sponsored actors on edge devices and security appliances.
Notably, the rate of financial exploitation remained high, with nine zero-days attributed to financially motivated groups. The analysis highlights the ongoing adaptations of threat actors, particularly in leveraging AI to enhance attack techniques. GTIG stresses the critical need for organizations to prioritize defenses and develop a robust response framework to mitigate zero-day threats.