UPDATED 06:00 EDT / APRIL 29 2025

SECURITY

Google report finds drop in zero-day exploitation in 2024 but warns enterprise risks are rising

The Google Threat Intelligence Group today released its annual 2024 zero-day trends report, surprisingly finding that there was a reduction in zero-day threats exploited in the wild last year despite a long-term upward trend.

A zero-day threat is a type of cyberattack that targets a software vulnerability unknown to the maker of the software or product and because it’s unknown, no patch or fix is available at the time of exploitation. Attackers exploit undisclosed flaws to gain unauthorized access, steal data, or disrupt systems before defenses can be implemented.

Through 2024, Google’s researchers identified 75 zero-day vulnerabilities exploited in the wild, down from 98 in 2023 but up from 63 in 2022.

Attacks against browsers and mobile devices were found to have declined sharply, while conversely, attackers took a particular interest in enterprise-focused technologies, which became a larger target last year, accounting for 44% of all zero-day exploits. Security and networking appliances were also found to be particularly attractive to attackers, as these systems offer broad access to networks and often have weaker monitoring capabilities.

By operating system and with zero surprise, Microsoft Windows continued to be a popular target for attacks, with the number of exploited zero-day vulnerabilities rising to 22 in 2024. Google’s Chrome remained the most targeted browser and Android devices continued to suffer from vulnerabilities in third-party components, although overall mobile exploitation fell compared to the previous year.

How attacks were getting through are noted in the report to include use-after-free flaws, command injection bugs and cross-site scripting vulnerabilities were the most common. A use-after-free flaw is a vulnerability where a program continues to use memory after it has been freed, allowing attackers to execute malicious code or cause system crashes.

By origin, the report attributed more than half of the exploited zero-days to cyber espionage groups, including actors allegedly backed by China and North Korea. Commercial surveillance vendors are also noted in the report as being active players, although improvements in their operational security made attribution more challenging than it had been in previous years.

Non-espionage groups, such as financially motivated FIN11 and CIGAR, were also observed exploiting zero-days in campaigns aimed at extortion and espionage. Notably, for the first time, North Korean state-backed actors matched alleged Chinese groups in the number of zero-day exploits attributed to them, marking a significant escalation in their operational focus.

Google’s researchers concluded by warning that while vendor security efforts have made it harder to exploit certain technologies, zero-day exploitation is likely to continue rising gradually. The report urges vendors, particularly those providing enterprise software and networking devices, to strengthen their defenses through better coding practices, broader monitoring and architectural safeguards like network segmentation.

Image: SiliconANGLE/Reve

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.