Google says half of the zero days it tracked in 2025 targeted buggy enterprise technology

A new report from Google found that about half of the zero-day bugs it tracked last year exploited enterprise devices, marking a new high for hackers who are increasingly finding new ways to target large companies and steal their data.

According to the search and security giant Annual report48% of zero-day vulnerabilities tracked—software vulnerabilities unknown to their manufacturer at the time they were exploited—were found in technologies used by enterprises and large enterprises. About half of those zero days exploited the same devices designed to protect enterprise networks from digital hackers.

Google said security and networking devices, such as the firewalls it manufactures cisco and FortniteAnd VPN and virtualization platforms such as Ivanti and VMwarewere among Target’s top sellers last year. All four companies said hackers had exploited their products on customers’ networks in recent months.

Google researchers said hackers exploited common flaws, such as input validation and incomplete authorization processes, to penetrate firewall and VPN defenses to gain access to customers’ networks. These categories of errors are usually easier to exploit, but usually require a software update to fix.

The company also pointed to other buggy software that makes up the remaining half of the organization’s zero days. Google noted the Clop gang’s extortion campaign against Oracle E-Business Suite customers, which allowed hackers to walk away with large amounts of information. HR data from dozens of companies About their employees and executives. Breakouts have been affected Harvard Universitythe Envoy’s American Airlinesand The Washington Postamong other things.

The remaining 52% of zero-day bugs were found in consumer and end-user products, such as those made by Microsoft, Google and Apple, according to the report. Most zero days in consumer software are found in operating systems, and mobile devices have also seen a greater number of zero days than in previous years.

Google said it also attributed the number of zero days more to surveillance vendors than to traditional government-backed spy groups. Surveillance service vendors are typically spyware makers and exploit developers, who work on behalf of governments to hack into people’s phones. Google said the shift showed “slow but sure movement in the landscape” in how governments seek access to hacking tools.