Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech | TechCrunch

A new report by Google found that about half of the zero-day bugs it tracked last year exploited enterprise devices, marking a new high for hackers who are increasingly finding new ways to target large companies and steal their data.

According to the search and security giant’s annual report48% of the tracked zero days — vulnerabilities in software that are unknown to its maker at the time they are exploited — were found in technologies used by corporations and large businesses. About half of those zero-days exploited the very devices that are designed to protect enterprise networks from digital intruders.

Google said security and networking devices, such as firewalls made by Cisco and Fortinet, and VPN and virtualization platforms like Ivanti and VMWare, were among the top targeted vendors last year. All four of the companies said hackers have exploited their products on customer networks in recent months.

Google’s researchers said that hackers exploited common flaws, like input validation and incomplete authorization processes, to break through firewall and VPN defenses to gain access to customer networks. These classes of bugs are generally easier to exploit, but generally require a software update to fix.

The company also pointed to other buggy software that makes up the remaining half of enterprise zero-days. Google noted the Clop extortion gang’s campaign against Oracle E-Business Suite customers, which allowed hackers to walk away with reams of human resources data from dozens of companies about their staff and executives. The hacks affected Harvard Universitythe American Airlines subsidiary Envoyand The Washington Post, among others.

The remaining 52% of zero-day bugs were found in consumer and end-user products, such as those made by Microsoft, Google, and Apple, according to the report. Most of the zero-days in consumer software were found in operating systems, with mobile devices also seeing more zero-days than in previous years.

Google said it also attributed more zero-days to surveillance vendors than traditional government-backed espionage groups. Surveillance vendors are typically spyware makers and exploit developers, which work on behalf of governments to hack into people’s phones. Google said this shift demonstrated “a slow but sure movement in the landscape” in how governments seek access to hacking tools.