According to a recent report by Google, a significant portion of zero-day vulnerabilities identified in 2025 were aimed at exploiting enterprise technologies, particularly security and networking devices used by large corporations. These zero-day exploits, which are vulnerabilities unknown to software makers at the time of exploitation, targeted crucial devices like firewalls, VPNs, and virtualization platforms.
Google’s findings indicate that 48% of the tracked zero-days focused on technologies utilized by businesses, with a notable emphasis on security and networking equipment. Leading vendors such as Cisco, Fortinet, Ivanti, and VMware were among the prime targets for malicious hackers seeking to breach corporate networks.
Hackers leveraged common vulnerabilities like input validation and incomplete authorization processes to bypass firewall and VPN defenses, highlighting the importance of prompt software updates to mitigate such risks. Additionally, the report highlighted specific incidents, such as the Clop extortion gang’s campaign against Oracle E-Business Suite customers, resulting in the compromise of sensitive human resources data from various organizations.
The remaining 52% of zero-day vulnerabilities affected consumer and end-user products, with operating systems and mobile devices facing an increased number of exploits compared to previous years. This escalation in zero-day attacks underscores the critical need for robust cybersecurity measures across both enterprise and consumer technology landscapes.
Source: TechCrunch