You would think that companies that employ enterprise-grade software would focus on security. After all, you don’t want trade secrets like upcoming plans, contracts, payroll, and stuff to leak or be stolen, right? But surprisingly, according to Google, half of the zero-day exploits it tracked targeted enterprise tech.
Google says half of zero-day exploits belong to enterprise tech
According to the Google Threat Intelligence group, it tracked 90 zero-day vulnerabilities in 2025. The company says that this number is higher than the 78 it found in 2024, but on the whole, it is lower than 2023’s 100 vulnerabilities. But what’s interesting is how Google discovered that almost 50% of these zero-day vulnerabilities targeted enterprise tech.
Google says, “In 2025, we continued to observe the structural shift, first identified in 2024, toward increased enterprise exploitation. Both the raw number (43) and proportion (48%) of vulnerabilities impacting enterprise technologies reached all-time highs, accounting for almost 50% of total zero-days exploited in 2025. We observed a sustained decrease in detected browser-based exploitation, which fell to historical lows, while seeing increased abuse of operating system vulnerabilities.”
The company also found that major vendors and their software were the targets. This includes firewalls made by Cisco and Fortinet, along with VPN and virtualization platforms from Ivanti and VMware. These companies have acknowledged that hackers have exploited their products.
AI could make things better or worse
In its report, Google also anticipates how AI could change the game in this space. This includes how attackers could leverage AI to automate and scale their attacks. This would be faster than humans, especially when it comes to seeking out vulnerabilities and developing exploits to take advantage of that.
However, the opposite is true. While attackers could use AI to speed and scale up their processes, defenders can use AI to enhance their security. They can take advantage of agentic solutions to be more proactive in discovering flaws and vulnerabilities. This would allow developers to put together patches before it has been exploited.
The company also found that commercial surveillance vendors make the most when it comes to exploiting vulnerabilities. This is followed by state-sponsored espionage, followed by cybercriminals.
The post Google Reports 2025 Zero-Days Exploits Targeted the Very Tools Meant to Stop Them appeared first on Android Headlines.
0 Comments