Actively exploited zero-days rise as surveillance firms ramp up abuse

Ninety zero-day vulnerabilities have been leveraged in cyberattacks last year, up from 78 in 2024 but lower than the record high of 100 in 2023, with nearly half of the exploits aimed at enterprise software and infrastructure, SiliconANGLE reports.

For the first time since tracking began, commercial surveillance vendors abused more zero-days last year than state-backed cyberespionage operations amid efforts to expand their hacking arsenal, according to a Google Threat Intelligence Group report. Despite being overtaken by surveillance vendors, Chinese state-sponsored groups remained a dominant force in targeting vulnerable edge devices and security infrastructure for persistence. Meanwhile, accelerated reconnaissance, vulnerability identification, and exploit creation driven by AI should prompt improved defense prioritization among security teams.

"Comprehensive defensive measures as well as response efforts require a real-time inventory of all assets to be audited and maintained. While not preventative, continuous monitoring and anomaly detection, within both systems and networks, paired with refined and actionable alerting capabilities is a real-time way to detect and act against threats as they occur," said researchers.