Logo
READLEARNKNOWCONNECT
Back to posts
90-zero-day-exploits-targeted-users-globally

90 Zero-day Exploits Targeted Users Globally

ChriseMarch 07, 2026 at 10 AM WAT
CybersecurityData Defense

Hackers Exploited 90 Zero-Day Bugs In 2025, Google Says

Google reports hackers exploited 90 zero-day vulnerabilities in 2025, highlighting rising cybersecurity threats and activity from commercial spyware and China-linked groups.

Google says hackers exploited 90 zero-day vulnerabilities in the wild last year, up from 78 in 2024. Most attacks came from commercial spyware vendors and groups linked to China, according to the company’s annual Threat Analysis report.

What Are Zero-Days?

Zero-days are literally security flaws that software makers have had zero days to fix. Once discovered by hackers, they can be used to sneak into systems before a patch is released. They’re the kind that can let someone silently grab data, monitor activity, or take over devices.

Targets And Exploits

Google reported that most of the zero-days targeted Chrome, Android, and Windows users through web-based exploits. Some were chained together with phishing campaigns, and others were bundled into malware distributed via apps and email attachments. Known flaws were patched after discovery, but the rapid increase shows how busy hackers are staying ahead of devs.

Commercial Spyware And Legal Issues

Commercial spyware firms (like NSO Group, Candiru, Variston) are a big piece of the puzzle. They sell access to zero-days or tools built on them to governments and other clients. In some cases, these attacks are legal in the purchaser’s country, but illegal in the target’s jurisdiction. That makes the ethical and legal landscape even more complicated.

China-Linked Groups

China-linked threat actors (e.g., APT41, Mustang Panda variants) were responsible for the largest number of zero-day exploits last year. Google says that attribution is never perfect, but patterns in code, tactics, and infrastructure point strongly to certain groups operating from the region.

This is one of those stories that’s easy to skim and forget, but the reality is your phone, browser, or laptop has been a moving target all year. Ninety new ways in a single year is a lot. For most people, keeping software updated and avoiding sketchy downloads is still the simplest defense, but behind the scenes, a lot of humans and AI are racing to keep up, and sometimes attackers are a step ahead.

Tags

#china#cybersecurity#google#malware#zero-day

Join the Discussion

Enjoyed this? Ask questions, share your take (hot, lukewarm, or undecided), or follow the thread with people in real time. The community’s open, join us.

Discord Community

Chat, code sharing & more

YouTube Comments

Video version & comments

Latest in Data Defense

axios-npm-package-compromised

Axios npm Package Backdoored in Supply Chain Attack

Mar 31, 2026

darksword-exploit-code-goes-public

DarkSword: iPhone Exploit Code Is Now Public

Mar 24, 2026

the-scam-in-your-messages

Scam Messages Are Flooding WhatsApp and SMS Again. Learn How To Stay Safe

Mar 14, 2026

90-zero-day-exploits-targeted-users-globally

Hackers Exploited 90 Zero-Day Bugs In 2025, Google Says

Mar 7, 2026

exposure-caused-by-misconfiguration

Elasticsearch Misconfigurations Expose 43M+ Records Online

Feb 18, 2026

Right Now in Tech

ps5-price-hike-the-ai-did-it

PS5 Price Hike: $650 for Standard, $900 for Pro Starting April 2

Mar 28, 2026

mac-pro-sunset

Apple Discontinues Mac Pro, Ends Intel Era

Mar 27, 2026

openai-shuts-down-sora

OpenAI Is Pulling the Plug on Sora

Mar 26, 2026

jury-finds-meta-and-youtube-liable

Meta and YouTube Ordered to Pay $3M in Landmark Social Media Ruling

Mar 25, 2026

samsung-and-iphone-finally-share-nicely

Your Galaxy S26 Can Finally AirDrop to an iPhone

Mar 23, 2026