Researchers Reveal 75 Zero-Day Vulnerabilities Exploited in 2024

161/68 Thursday, May 1, 2025

Google’s Threat Intelligence Group (GTIG) has released its 2024 annual report, revealing that 75 zero-day vulnerabilities were exploited in the wild—down from 98 in 2023, but still higher than the 63 reported in 2022.

One key trend is the increasing focus on enterprise technologies, rather than only end-user platforms. In 2024, 44% of the exploited zero-days targeted enterprise products, up from 37% in 2023. Of those, over 60% were related to networking software or cybersecurity solutions, reflecting attackers’ growing interest in critical infrastructure.

While attacks on browsers and mobile platforms declined, end-user platforms still accounted for 56% of zero-day exploits. Google Chrome was the most targeted browser. Meanwhile, desktop operating systems also faced rising attacks—Microsoft Windows experienced 22 zero-day exploits in 2024, up from 16 in 2023 and 13 in 2022, largely due to its widespread use across personal and enterprise environments.

On the enterprise front, products from Ivanti, Palo Alto, and Cisco became top targets, in part due to their relatively limited detection and prevention capabilities. In many cases, a single vulnerability could lead to full system compromise.

Overall, more than half of the zero-days exploited in 2024 were used for remote code execution (RCE) or privilege escalation, with common vulnerability types including Use-After-Free, Command Injection, and Cross-Site Scripting (XSS).

GTIG also found that 34 of the 75 exploited vulnerabilities were linked to cyber espionage operations, with 53% attributed to state-sponsored actors or Commercial Surveillance Vendors (CSVs). Although this is a slight decrease from 2023, it still represents a significant rise over 2022. Google warns that CSVs are playing an increasingly central role in the global threat landscape, expanding their capabilities and selling offensive zero-day tools to malicious actors worldwide.

Source: https://securityaffairs.com/177180/hacking/google-threat-intelligence-group-gtig-tracked-75-actively-exploited-zero-day-flaws-in-2024.html