Google Threat Intelligence Group Warns Enterprise Systems Increasingly Targeted by Zero-Day Exploits

The world of cybersecurity is constantly evolving, with new threats emerging every day. In its latest report, the Google Threat Intelligence Group (TIG) has highlighted a concerning trend: enterprise systems are being increasingly targeted by zero-day exploits. These vulnerabilities, previously unknown to the public and vendors, are being exploited before any patches can be issued, leaving organizations vulnerable to attack.

According to the TIG's annual zero-day report, "Look What You Made Us Patch: 2025 Zero-Days in Review," 90 zero-day vulnerabilities were tracked throughout 2025. While this number is down from a record 100 in 2023, it's still higher than the 78 recorded in 2024. The most targeted categories were enterprise software and infrastructure, such as networking devices, security appliances, and virtualization platforms.

Security and networking appliances accounted for roughly half of these enterprise-related vulnerabilities, while operating systems were the single most targeted category, accounting for 44% of all zero-day vulnerabilities in 2025. Mobile devices also saw increased exploitation, with 15 mobile-related zero-days identified during the year compared to nine in 2024.

The report highlights a shift in the actors driving zero-day exploitation. Commercial surveillance vendors were found to be responsible for more attributed zero-day exploits than traditional state-sponsored espionage groups, marking a significant change in the threat landscape. These companies develop and sell sophisticated exploit capabilities to government customers, seeking to expand access to advanced hacking tools beyond traditional large national intelligence agencies.

State-sponsored operations remained significant in 2025, with alleged Chinese government-aligned espionage groups continuing to dominate traditional state-backed exploitation. These groups frequently targeted edge devices and security infrastructure to maintain long-term access to strategic networks.

The rise of commercial surveillance aside, the TIG warns that artificial intelligence could further accelerate the zero-day landscape. Researchers expect attackers to increasingly use AI tools to automate reconnaissance, vulnerability discovery, and exploit development.

Consequently, defenders need to prioritize defenses and mitigate zero-day threats. "Defenders should prepare for when, not if, a compromise happens," the report's authors write. "System architectures should be designed and built with security awareness ingrained, allowing inherent segmentation and least privilege access." Comprehensive defensive measures, such as real-time monitoring and anomaly detection, are also crucial in detecting and acting against threats as they occur.

As organizations navigate this evolving threat landscape, it's essential to stay informed about the latest trends and vulnerabilities. The Google Threat Intelligence Group's report serves as a valuable resource for understanding the complexities of zero-day exploitation and staying ahead of emerging threats.

The Rise of Zero-Day Exploits: What You Need to Know

A zero-day vulnerability is a previously unknown software vulnerability that attackers exploit before the vendor has had zero days to fix or patch it. The Google TIG's report highlights the increasing threat of zero-day exploits, particularly in enterprise systems.

Key Findings from the Report

• 90 zero-day vulnerabilities were tracked throughout 2025.
• Enterprise software and infrastructure accounted for roughly half of all zero-day vulnerabilities.
• Operating systems were the single most targeted category, accounting for 44% of all zero-day vulnerabilities in 2025.
• Commercial surveillance vendors are increasingly responsible for attributed zero-day exploits.

The Future of Zero-Day Exploits: Emerging Trends and Threats

The rise of artificial intelligence is expected to further accelerate the zero-day landscape. Researchers predict that attackers will increasingly use AI tools to automate reconnaissance, vulnerability discovery, and exploit development.

As the threat landscape continues to evolve, it's essential for organizations to stay informed and prioritize defensive measures. By understanding the complexities of zero-day exploitation and staying ahead of emerging threats, defenders can better protect their systems and data from attack.

Conclusion

The Google Threat Intelligence Group's report highlights a concerning trend: enterprise systems are being increasingly targeted by zero-day exploits. As organizations navigate this evolving threat landscape, it's essential to stay informed about the latest trends and vulnerabilities. By prioritizing defensive measures and staying ahead of emerging threats, defenders can better protect their systems and data from attack.