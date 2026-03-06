The number of zero-day vulnerabilities uncovered in enterprise software and appliances reached an all-time high last year, analysis by Google Threat Intelligence Group (GTIG) has warned.

In the report, released on March 5, GTIG said it tracked 90 zero-day vulnerabilities which were actively deployed by cyber attackers during 2025. Google defined a zero-day as “a vulnerability that was maliciously exploited in the wild before a patch was made publicly available.”

These findings are higher than the 78 zero-days tracked during 2024 but lower than the record-high of 100 zero days tracked in 2023.

Google has also warned that the way attackers use zero-days is changing and that enterprise technology is the new primary target for exploitation. 43 (48%) of zero-days identified during 2025 targeted enterprise software and appliances, up from 36 (46%) in 2024.

GTIG said that the increase “underscores the shift toward enterprise infrastructure as a structural change in the threat landscape, reflecting the value of tools that enable privilege escalation, high-level access and broad scale of impact.”

Attackers Target Security and Networking Appliances

Of those zero-day exploits which targeted enterprise, almost half (21) targeted security and networking solutions. They are a prominent target for attackers, because if a zero-day in the technology can be exploited, it is useful for code execution and unauthorized access to the wider network via privileged infrastructure components.

In addition to this, security and networking appliances, including routers, switches and security appliances, often sit at the edge of the network, which can be overlooked by defenders. Attackers know this, which is why they target edge devices as they increasingly look to exploit zero-days in enterprise products.

“High-profile exploitation of enterprise tools and virtualization technologies demonstrate that attackers are deeply embedding themselves in critical business infrastructure,” said GTIG.