Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises
Summary
Google reports that nearly half of the 90 exploited zero-day vulnerabilities in 2025 are targeting enterprises. Spyware vendors and Chinese threat actors are identified as the leading perpetrators.
IFF Assessment
FOE
The increasing targeting of enterprises with zero-day exploits by sophisticated actors like spyware vendors and nation-states poses a significant threat to organizational security.
Defender Context
Defenders must remain vigilant against zero-day threats, as this trend indicates a growing focus on enterprise networks by advanced adversaries. Investing in proactive threat hunting, robust endpoint detection and response (EDR), and rapid patching strategies is crucial to mitigate the impact of these novel attacks.