Google Threat Intelligence Group tracked 90 zero-day vulnerabilities actively exploited in 2025, nearly half of which targeted enterprise software and appliances. Commercial spyware vendors overtook state-sponsored groups in zero-day use, Microsoft was the most-targeted vendor, and the report highlights campaigns like Brickstorm while warning exploitation will likely remain high into 2026 due to AI-assisted discovery. #Microsoft #Brickstorm
Keypoints
- GTIG tracked 90 exploited zero-days in 2025, a 15% increase from 2024.
- 47 zero-days targeted end-user platforms and 43 targeted enterprise products.
- Memory safety issues accounted for 35% of exploited zero-day vulnerabilities.
- Security appliances, networking infrastructure, VPNs, and virtualization platforms were the most-targeted enterprise systems.
- Commercial spyware vendors became the largest users of zero-days, surpassing state-sponsored actors.