NEWS 75 Zero-Day Exploits — 18 Corporate Victims: Google Compiles an Encyclopedia of Invisible Vulnerabilities

ExcalibuR




A new report reveals threats that have kept cybersecurity professionals on edge over the past year.

The Google Threat Intelligence Group (GTIG) has identified widespread exploitation of critical vulnerabilities in software. Over the past year, cybercriminals have taken advantage of 75 zero-day vulnerabilities — flaws previously unknown to vendors. These attacks have been primarily focused on corporate software, especially security systems and networking solutions.


The discovered vulnerabilities fall into two major categories. Experts recorded 33 critical flaws in enterprise technologies, while the remaining 42 affected platforms and products used by end users — including mobile devices, operating systems, browsers, and applications.


Compared to the previous year, the total number of zero-day attacks slightly declined from 98 to 75 incidents. However, analysts emphasize that the long-term trend remains upward. For comparison, only 63 such incidents were documented two years ago.


Of particular concern is the activity of commercial spyware vendors. These groups continuously refine their evasion techniques and improve operational security, making them significantly harder to detect and identify.


More than half of the vulnerabilities tracked by Google were used in cyber espionage operations. The situation is especially alarming in the corporate technology sector — researchers found 20 critical bugs in security systems and network equipment, accounting for over 60% of attacks targeting business infrastructure.


The Google Chrome web browser remained the top target among browsers, although the total number of attacks in this category has decreased. Eleven zero-day vulnerabilities were discovered over the past year, compared to 17 the year before. A similar trend was observed in the mobile device segment, where the number dropped to nine.


The Windows operating system showed the highest increase in critical flaws. Google researchers recorded 22 exploits, up from 17 the previous year. Experts highlight that as long as Windows remains a dominant platform in both home and professional environments, it will continue to be an attractive target for attackers.


In the corporate sector, the most frequent attack targets were Ivanti cloud services, the PAN-OS system from Palo Alto Networks, Cisco Adaptive Security Appliance (ASA) firewalls, and Ivanti Connect Secure VPN solutions. In total, products from 18 different corporate software vendors were affected.


Analysts were able to trace the origins of many attacks. Eight zero-day vulnerabilities were exploited by commercial spyware developers. Five incidents were linked to groups supported by China and North Korea, with North Korean hackers pursuing both espionage and financial objectives. Another five attacks were carried out by independent cybercriminal groups. At least three critical exploits were attributed to Russia.


Experts note the growing availability of tools for discovering and leveraging zero-day vulnerabilities. Cybercriminals are quickly adapting to new technologies and often target less experienced developers. According to forecasts, these techniques will continue to be used for a long time, as they enable stealthy operations, prolonged system infiltration, and evasion of law enforcement.
 
