Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025

Google Threat Intelligence Group's 2025 review reports 90 zero-day vulnerabilities actively exploited in the wild, marking an increase from 2024 and a shift away from browsers toward enterprise infrastructure, mobile operating systems, and edge devices; Commercial Surveillance Vendors and PRC-nexus state actors (e.g., UNC3886, UNC5221) are prominent exploiters, with campaigns like BRICKSTORM targeting source code to accelerate future zero-day discovery. The report highlights enterprise technologies as nearly half of exploited zero-days, the use of chained mobile exploits, the rise of AI-assisted vulnerability discovery, and urges defenses such as strict network segmentation, real-time asset inventories, and tracking Software Bill of Materials (SBoM).