Microsoft & Google Hit Hard by Zero-Day Exploits at #BHUSA

Summary
– Zero-day exploits surged by 46% in H1 2025, with Microsoft products accounting for 30% of affected vendors, followed by Google (11%) and Apple (8%).
– A total of 23,583 vulnerabilities were published in H1 2025, a 15% increase from 2024, with 132 added to CISA’s KEV catalog (an 80% YoY rise).
– Ransomware attacks grew 36% in H1 2025, targeting non-traditional devices like IP cameras and BSD servers to bypass defenses and enable lateral movement.
– Threat actors in H1 2025 were 51% financially motivated, 40% state-sponsored, and 9% hacktivists, with China (33 groups) and Russia (22) as top origins.
– Iranian-aligned hacktivist groups increasingly targeted critical OT environments, blending activism with state-influenced disruption tactics amid rising geopolitical tensions.
The first half of 2025 saw a dramatic 46% spike in zero-day exploits, with tech giants Microsoft and Google bearing the brunt of these attacks. According to the latest Forescout Research – Vedere Labs threat review, products from 27 vendors were compromised, with Microsoft accounting for nearly a third of all incidents. Google followed closely at 11%, while Apple, Ivanti, Qualcomm, and VMware each faced significant exposure.
Security teams grappled with 23,583 newly published vulnerabilities during this period, an average of 130 per day, marking a 15% jump from 2024. Alarmingly, 132 flaws were added to CISA’s Known Exploited Vulnerabilities catalog, an 80% surge year-over-year. Nearly half of these vulnerabilities predated 2025, with many targeting perimeter infrastructure. Six even affected end-of-life products, leaving organizations defenseless against potential breaches.
Ransomware groups are shifting tactics, increasingly targeting unconventional devices like IP cameras and BSD servers to evade detection. These systems, often lacking robust security measures, serve as entry points for lateral movement across IT, OT, and IoT networks. One March 2025 incident involved Akira ransomware spreading through a compromised IP camera, while the VanHelsing group deployed a multi-platform encryptor capable of attacking BSD UNIX. Researchers warn these asset types will remain prime targets, noting a 36% rise in ransomware attacks globally, affecting victims in 112 countries.
State-sponsored and hacktivist groups also intensified operations, with 137 threat actors linked to notable campaigns. Financially motivated cybercriminals dominated at 51%, but nation-state actors (40%) and hacktivists (9%) played significant roles. Chinese groups led the pack with 33 collectives, trailed by Russia (22), Iran (8), and Turkey (4). Iranian-aligned hacktivists, in particular, blurred lines between activism and state-backed disruption, aggressively targeting critical OT environments.
Daniel dos Santos, Forescout’s head of research, emphasized the growing challenge: “Geopolitical tensions are fueling faster, louder, and harder-to-attribute attacks, forcing defenders to adapt quickly.” As threats evolve, organizations must prioritize patching, monitor unconventional devices, and prepare for increasingly sophisticated adversaries.
(Source: InfoSecurity)