Zero-day exploitation shifted toward enterprise software and appliances in 2025
Target Trend
Summary
Hide ▲
Show ▼
In 2025, zero-day exploitation shifted further toward enterprise software and appliances, increasing risk to privileged infrastructure and broad network access. Google Threat Intelligence Group tracked 90 actively exploited zero-days, with 43 (48%) aimed at enterprise tech and 21 of those hitting security and networking solutions. The pattern suggests attackers are prioritizing edge devices and business infrastructure over browser targets, while browser zero-days fell to eight (9%).
Related Happenings
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
Vulnerability
First: 14.05.2026 21:53
Last: 14.05.2026 21:53
Sources 1
About this happening:
**Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw
VulnerabilityAbout this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...
Widening enterprise endpoint protection and patch-management gap
Target Trend
First: 24.03.2026 15:15
Last: 24.03.2026 15:15
Sources 1
About this happening:
Enterprise endpoint protection is deteriorating as patch compliance lags, increasing the risk of breaches and downtime across managed devices. A **March 23, 2026** resilience inde...
Widening enterprise endpoint protection and patch-management gap
Target TrendAbout this happening: Enterprise endpoint protection is deteriorating as patch compliance lags, increasing the risk of breaches and downtime across managed devices. A **March 23, 2026** resilience inde...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target Trend
First: 17.03.2026 23:41
Last: 17.03.2026 23:41
Sources 1
About this happening:
**Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target TrendAbout this happening: **Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
Rising zero-day exploitation across end-user and enterprise products in 2025
Target Trend
First: 05.03.2026 17:03
Last: 05.03.2026 17:03
Sources 1
About this happening:
**Zero-day exploitation** stayed elevated in **2025**, with **90 actively exploited flaws** spread across **end-user platforms** and **enterprise products**. That matters because...
Rising zero-day exploitation across end-user and enterprise products in 2025
Target TrendAbout this happening: **Zero-day exploitation** stayed elevated in **2025**, with **90 actively exploited flaws** spread across **end-user platforms** and **enterprise products**. That matters because...
UNC6353 and UNC6691 Coruna iOS exploit campaign
Campaign
First: 04.03.2026 21:06
Last: 04.03.2026 21:06
Sources 1
About this happening:
The **Coruna** iOS exploit campaign spread through **watering-hole** and **fake finance/crypto** lures, extending reach from **iPhone users** to **crypto users**. **UNC6353** used...
UNC6353 and UNC6691 Coruna iOS exploit campaign
CampaignAbout this happening: The **Coruna** iOS exploit campaign spread through **watering-hole** and **fake finance/crypto** lures, extending reach from **iPhone users** to **crypto users**. **UNC6353** used...
Timeline
-
06.03.2026 14:29 2 articles · 2mo ago
GTIG reports record 2025 shift toward enterprise zero-days
Technical Analysis UpdateGoogle Threat Intelligence Group reported that 2025 saw a record 90 zero-day vulnerabilities actively exploited in the wild, with 43 (48%) targeting enterprise software and appliances and 21 of those hitting security and networking solutions. End-user platforms still accounted for 52% (47) of tracked zero-days, mobile operating systems rose to 15, browser-based zero-days fell to eight, and Microsoft Windows was the most targeted operating system.
Show sources
- Zero‑Day Attacks on Enterprise Software Reach Record High, Google Warns — www.infosecurity-magazine.com — 06.03.2026 14:29
- Zero‑Day Attacks on Enterprise Software Reach Record High, Google Warns — www.infosecurity-magazine.com — 06.03.2026 14:29