Enterprise Tech Under Siege: 50% of Zero-Days Target Business – Ankor Tech

Google’s latest annual report reveals an alarming shift in cyber warfare: nearly half of all zero-day vulnerabilities tracked in 2025 specifically targeted enterprise infrastructure. This surge marks a record high, as threat actors increasingly bypass standard security measures to infiltrate large-scale corporate networks and exfiltrate sensitive data.

The New Frontier: Security Devices as Attack Vectors

According to the research, 48% of the identified zero-days—software flaws exploited before the manufacturer can issue a patch—were embedded in technologies critical to corporate operations. Notably, roughly half of these vulnerabilities were found in the very devices intended to serve as the first line of defense: firewalls, VPNs, and virtualization platforms.

Major vendors, including Cisco, Fortinet, Ivanti, and VMware, were identified as primary targets. Each of these organizations has confirmed that hackers successfully exploited their products within customer networks over the past year.

Exploiting Fundamental Flaws

Google researchers observed that attackers are favoring “low-hanging fruit” by weaponizing common coding oversights. Vulnerabilities such as improper input validation and incomplete authorization processes are being used to dismantle firewall and VPN defenses. While these flaws are technically straightforward to exploit, they necessitate comprehensive software updates to remediate, often leaving organizations vulnerable during the lag between discovery and patching.

High-Profile Breaches and Data Theft

Beyond network infrastructure, the remaining enterprise-focused zero-days targeted specialized business software. A prime example highlighted in the report is the Clop extortion gang’s campaign against Oracle E-Business Suite users. This operation resulted in the mass theft of human resources data, impacting high-profile entities such as Harvard University, the American Airlines subsidiary Envoy, and The Washington Post.

Consumer Software and the Rise of Surveillance Vendors

The remaining 52% of tracked zero-days were concentrated in consumer-facing products from major tech giants like Microsoft, Apple, and Google. These vulnerabilities were predominantly located within operating systems, with mobile devices witnessing a significant uptick in exploit frequency compared to previous years.

Furthermore, Google noted a distinct change in the threat landscape regarding state-sponsored activity. Surveillance vendors—entities that develop spyware and exploits for government clients—are now being credited with more zero-day discoveries than traditional government-backed espionage units. This transition signals a strategic evolution in how governments acquire and deploy sophisticated hacking capabilities against personal devices.