Google says 90 zero-days were exploited in attacks last year

Ninety zero-day vulnerabilities were exploited in attacks last year, according to Google's Threat Intelligence Group, with nearly half of these targeting enterprise software and appliances. This significant number highlights the growing threat of zero-day exploits, which can be used to compromise systems before a patch or fix is available. The exploited vulnerabilities likely included those in popular software and hardware, such as browsers, operating systems, and network devices. Google's findings underscore the importance of prompt patching and vulnerability management, as the window for applying security updates is rapidly shrinking¹. The fact that Google, a major technology company, is being targeted by zero-day exploits means that other organizations may also be at risk. As a result, practitioners should assess their exposure to these vulnerabilities and prioritize patching and mitigation efforts to prevent potential attacks. This matters because the exploitation of zero-day vulnerabilities can have severe consequences, including data breaches and system compromises.