tech

March 5, 2026

Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech

Enterprise software was a major focus of zero-day activity during 2025, with security and networking devices, like firewalls, VPNs, and virtualization platforms among the most targeted by malicious hackers.

Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech

TL;DR

  • 48% of tracked zero-day vulnerabilities in the past year exploited enterprise devices, a new high.
  • Security and networking devices (firewalls, VPNs, virtualization platforms) from Cisco, Fortinet, Ivanti, and VMware were top targets.
  • Hackers exploited common flaws like input validation and incomplete authorization.
  • The Clop extortion gang targeted Oracle E-Business Suite customers, impacting organizations like Harvard University and The Washington Post.
  • The remaining 52% of zero-days were found in consumer products (Microsoft, Google, Apple), primarily operating systems and mobile devices.
  • Google attributed more zero-days to surveillance vendors than traditional government-backed espionage groups.

Continue reading the original article

Made withNostr