A recent analysis by Google has revealed a significant trend in cybersecurity threats, indicating that nearly half of the zero-day vulnerabilities identified in 2025 were aimed at enterprise technologies. This marks a notable escalation in the tactics employed by hackers, who are increasingly focusing on large organizations to breach data security.
According to Google's annual review, 48% of the zero-day vulnerabilities--flaws in software that are exploited before the developer is aware--were found in systems utilized by major corporations. Alarmingly, many of these vulnerabilities targeted the very security devices meant to protect enterprise networks from cyber threats.
Prominent security and networking devices, including firewalls from well-known manufacturers and platforms for VPNs and virtualization, emerged as top targets. Companies like Cisco and Fortinet were highlighted as having their products exploited by hackers in recent months, emphasizing the urgent need for robust security measures.
Google's researchers noted that hackers frequently exploited common weaknesses, such as inadequate input validation and incomplete authorization processes. These vulnerabilities typically require software updates to resolve but are relatively straightforward for attackers to exploit.
In addition to vulnerabilities in security devices, Google pointed out that other software flaws contributed to the remaining zero-days. The Clop ransomware group, for instance, targeted Oracle E-Business Suite customers, leading to significant data breaches affecting numerous organizations, including educational institutions and major corporations.
Interestingly, the report indicated that 52% of zero-day vulnerabilities were found in consumer products, particularly those developed by tech giants like Microsoft, Google, and Apple. Operating systems and mobile devices saw a notable increase in vulnerabilities compared to previous years.
Furthermore, Google observed a shift in the landscape of hacking, attributing more vulnerabilities to surveillance vendors than traditional state-sponsored espionage groups. These surveillance vendors, often involved in developing spyware, are increasingly being utilized by governments to gain unauthorized access to personal devices, showcasing a changing dynamic in the cybersecurity arena.