Google Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in the wild during 2025, marking a rise from 78 in 2024 but below the 2023 record of 100, with numbers stabilizing in the 60–100 range over recent years.

Nearly half (48%, or 43) targeted enterprise technologies like security appliances and networking gear from vendors such as Cisco, Fortinet, and Ivanti, reaching an all-time high proportion and reflecting a sustained shift toward enterprise-focused attacks. End-user platforms accounted for the other 52%, with operating systems (including mobile) seeing increased exploitation while browser zero-days dropped to historic lows thanks to improved hardening.

For the first time, commercial surveillance vendors were attributed more zero-days than state-sponsored actors, with PRC-nexus espionage groups remaining prominent in edge device targeting. The report underscores zero-days as the top initial access vector, urging better patching, network segmentation, and monitoring amid expectations that AI will accelerate both attacks and defenses in 2026