90 Zero-day Exploits Targeted Users Globally
Hackers Exploited 90 Zero-Day Bugs In 2025, Google Says
Google reports hackers exploited 90 zero-day vulnerabilities in 2025, highlighting rising cybersecurity threats and activity from commercial spyware and China-linked groups.
Google says hackers exploited 90 zero-day vulnerabilities in the wild last year, up from 78 in 2024. Most attacks came from commercial spyware vendors and groups linked to China, according to the company’s annual Threat Analysis report.
What Are Zero-Days?
Zero-days are literally security flaws that software makers have had zero days to fix. Once discovered by hackers, they can be used to sneak into systems before a patch is released. They’re the kind that can let someone silently grab data, monitor activity, or take over devices.
Targets And Exploits
Google reported that most of the zero-days targeted Chrome, Android, and Windows users through web-based exploits. Some were chained together with phishing campaigns, and others were bundled into malware distributed via apps and email attachments. Known flaws were patched after discovery, but the rapid increase shows how busy hackers are staying ahead of devs.
Commercial Spyware And Legal Issues
Commercial spyware firms (like NSO Group, Candiru, Variston) are a big piece of the puzzle. They sell access to zero-days or tools built on them to governments and other clients. In some cases, these attacks are legal in the purchaser’s country, but illegal in the target’s jurisdiction. That makes the ethical and legal landscape even more complicated.
China-Linked Groups
China-linked threat actors (e.g., APT41, Mustang Panda variants) were responsible for the largest number of zero-day exploits last year. Google says that attribution is never perfect, but patterns in code, tactics, and infrastructure point strongly to certain groups operating from the region.
This is one of those stories that’s easy to skim and forget, but the reality is your phone, browser, or laptop has been a moving target all year. Ninety new ways in a single year is a lot. For most people, keeping software updated and avoiding sketchy downloads is still the simplest defense, but behind the scenes, a lot of humans and AI are racing to keep up, and sometimes attackers are a step ahead.
Tags
Join the Discussion
Enjoyed this? Ask questions, share your take (hot, lukewarm, or undecided), or follow the thread with people in real time. The community’s open, join us.
Latest in Data Defense
Hackers Exploited 90 Zero-Day Bugs In 2025, Google Says
Mar 7, 2026
Elasticsearch Misconfigurations Expose 43M+ Records Online
Feb 18, 2026
Moltbook Exposed Millions of API Keys and Personal Data
Feb 4, 2026
Claude Code and Moltbot Hit by Malicious AI Skills
Jan 31, 2026
149 Million Login Credentials Exposed in Massive Leak
Jan 24, 2026
Right Now in Tech
Netflix Drops Out of Warner Bros. Race, Paramount Left Standing
Feb 27, 2026
Court Tosses Musk’s Claim That OpenAI Stole xAI Trade Secrets
Feb 26, 2026
Meta’s Age Verification Push Reignites Online Anonymity Debate
Feb 23, 2026
Substack Adds Polymarket Tools. Journalists Have Questions.
Feb 20, 2026
Netflix Ends Support for PlayStation 3 Streaming App
Feb 18, 2026