Summary: Google observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023, with a significant shift toward targeting enterprise products and security software. The report notes that while zero-day exploitation of browsers and mobile devices has fallen, exploit chains remain prevalent, particularly against mobile devices. It also details how threat actors, including state-sponsored groups and financially motivated hackers, used zero-day vulnerabilities.
Affected: Google, Microsoft, Apple, Ivanti, Palo Alto Networks, Cisco, enterprise software vendors
Key points:
- 75 zero-day vulnerabilities were exploited in 2024, with 44% targeting enterprise products.
- Most targeted vendors included Microsoft (26 zero-days), Google (11), Ivanti (7), and Apple (5).
- Exploits attributed to state-sponsored espionage (10), commercial surveillance (8), and financially motivated groups (5) highlight the varied nature of the threat landscape.
- Zero-day exploitation targeting browsers and mobile devices has decreased significantly, with mobile-focused exploit chains still prevalent.
- Efforts by vendors to mitigate zero-day exploitation appear to be effective, leading to fewer incidents targeting historically popular products.
Source: https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html