Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hackers for the first time. Nearly half of the recorded zero-days targeted enterprise technologies such as security appliances, VPNs, networking devices, and enterprise software platforms. “Increased exploitation of security and networking devices highlights the critical risk that can be posed by trusted edge infrastructure, while targeting of enterprise software exhibits the value of highly interconnected platforms that provide privileged access across networks and data assets,” the Google Threat ...