Record Zero-Day Attacks Target Enterprise Software

Summary
– The number of zero-day vulnerabilities exploited in 2025 reached 90, an all-time high according to Google’s analysis.
– There has been a significant shift, with enterprise software and appliances becoming the primary target for these attacks.
– Nearly half of the 2025 zero-days targeted enterprise technology, with security and networking appliances being a major focus.
– Attackers target these edge devices because they enable privileged network access and are often overlooked by defenders.
– This trend reflects attackers embedding themselves in critical business infrastructure for greater impact and access.

A recent analysis reveals that the discovery of previously unknown software flaws, known as zero-day vulnerabilities, in corporate systems reached unprecedented levels last year. The number of zero-day vulnerabilities uncovered in enterprise software and appliances reached an all-time high, according to a new report from Google’s Threat Intelligence Group. The study, which defines a zero-day as a security weakness exploited by attackers before a fix is available, documented 90 such incidents actively used in cyberattacks during 2025. This figure represents a concerning increase from the 78 tracked in 2024, though it remains slightly below the peak of 100 recorded in 2023.
More alarmingly, the data indicates a significant shift in attacker focus. Enterprise technology is now the primary target for exploitation, with 48% of all identified zero-days aimed at business software and appliances. This marks a clear escalation from the previous year and highlights a strategic change in how cybercriminals operate. The report suggests this trend underscores a move toward targeting enterprise infrastructure, reflecting the high value attackers place on tools that provide privilege escalation, deep network access, and the potential for widespread impact.
Within the enterprise category, a specific subset of technology bore the brunt of the attacks. Almost half of the enterprise-targeted zero-day exploits focused on security and networking appliances. This includes critical infrastructure like routers, switches, and various security devices. Attackers prioritize these systems because successfully exploiting a flaw can grant them code execution capabilities and unauthorized access to broader network resources through already-privileged components.
These edge devices are particularly attractive targets for another reason. Security and networking appliances often operate at the perimeter of a network, a zone that can sometimes be overlooked by defensive teams. Cyber attackers are acutely aware of this potential blind spot, which drives their increasing efforts to find and weaponize zero-days in these specific enterprise products. The exploitation of these essential business tools and underlying virtualization technologies demonstrates that threat actors are working to embed themselves deeply within the core infrastructure that organizations rely on daily.
(Source: InfoSecurity Magazine)





