90 Zero-day Exploits Targeted Users Globally
Hackers Exploited 90 Zero-Day Bugs In 2025, Google Says
Google reports hackers exploited 90 zero-day vulnerabilities in 2025, highlighting rising cybersecurity threats and activity from commercial spyware and China-linked groups.
Google says hackers exploited 90 zero-day vulnerabilities in the wild last year, up from 78 in 2024. Most attacks came from commercial spyware vendors and groups linked to China, according to the company’s annual Threat Analysis report.
What Are Zero-Days?
Zero-days are literally security flaws that software makers have had zero days to fix. Once discovered by hackers, they can be used to sneak into systems before a patch is released. They’re the kind that can let someone silently grab data, monitor activity, or take over devices.
Targets And Exploits
Google reported that most of the zero-days targeted Chrome, Android, and Windows users through web-based exploits. Some were chained together with phishing campaigns, and others were bundled into malware distributed via apps and email attachments. Known flaws were patched after discovery, but the rapid increase shows how busy hackers are staying ahead of devs.
Commercial Spyware And Legal Issues
Commercial spyware firms (like NSO Group, Candiru, Variston) are a big piece of the puzzle. They sell access to zero-days or tools built on them to governments and other clients. In some cases, these attacks are legal in the purchaser’s country, but illegal in the target’s jurisdiction. That makes the ethical and legal landscape even more complicated.
China-Linked Groups
China-linked threat actors (e.g., APT41, Mustang Panda variants) were responsible for the largest number of zero-day exploits last year. Google says that attribution is never perfect, but patterns in code, tactics, and infrastructure point strongly to certain groups operating from the region.
This is one of those stories that’s easy to skim and forget, but the reality is your phone, browser, or laptop has been a moving target all year. Ninety new ways in a single year is a lot. For most people, keeping software updated and avoiding sketchy downloads is still the simplest defense, but behind the scenes, a lot of humans and AI are racing to keep up, and sometimes attackers are a step ahead.
Tags
Join the Discussion
Enjoyed this? Ask questions, share your take (hot, lukewarm, or undecided), or follow the thread with people in real time. The community’s open, join us.
Latest in Data Defense
Mini Shai Hulud Wormed Its Way Into GitHub
May 20, 2026
Shai-Hulud And npm In The Same Sentence?
May 20, 2026
Axios npm Package Backdoored in Supply Chain Attack
Mar 31, 2026
DarkSword: iPhone Exploit Code Is Now Public
Mar 24, 2026
Scam Messages Are Flooding WhatsApp and SMS Again. Learn How To Stay Safe
Mar 14, 2026
