Nearly half of the 90 zero-day exploits discovered in 2025 were targeted at enterprise systems, indicating a significant shift in threat actor strategies. Notably, less than half of these zero-days have been attributed to a specific threat actor, with spyware vendors and China being the most prominent. The lack of attribution for the remaining exploits suggests a high degree of sophistication and evasion among attackers. Given the short window of time between the discovery of a zero-day and its exploitation, enterprises must be proactive in assessing their exposure to these vulnerabilities. The fact that Google has reported such a high number of zero-day exploits targeting enterprises underscores the urgency of this issue1. This trend matters to security practitioners because it highlights the need for immediate action to patch vulnerabilities and protect against potential attacks, as the window for remediation is rapidly shrinking.
Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
⚡ High Priority
Why This Matters
Zero-day activity targeting Google means patching windows are already closing — assess your exposure immediately.
References
- SecurityWeek. (2026, March 5). Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises. SecurityWeek. https://www.securityweek.com/google-half-of-2025s-90-exploited-zero-days-aimed-at-enterprises/
Original Source
SecurityWeek
Read original →