According to Google’s Threat Intelligence Group (GTIG), 90 zero-day vulnerabilities were exploited in the wild in 2025, with an increasing percentage aimed at enterprises. The year saw 25 zero-days attributed to Microsoft, 11 to Google, 8 to Apple and 4 to Cisco. By comparison, 2024 had 78 and 2023 had 100, illustrating year-on-year variability. Enterprises were affected by 43 of the 90 zero-days, nearly half, with many attacks targeting networking and cybersecurity appliances to gain initial access.
The exploitation of 42 of the 2025 zero-days has been attributed to a threat actor, with commercial surveillance vendors (CSVs) leading for the first time and state-sponsored groups accounting for 12, several of them believed to be linked to China. Google notes that PRC-nexus groups remained the most prolific users of zero-day vulnerabilities in 2025, focusing on security appliances and edge devices.
It also cautions that, while three or more flaws were often chained to reach a single goal in mobile exploits, browser zero-days continued to decline, suggesting shifting attacker techniques.