Google Uncovers 90 Zero-Day Vulnerabilities Under Active Exploitation in 2025

GTIG's 2025 review reports 90 zero-day vulnerabilities actively exploited in the wild, with a notable shift toward targeting enterprise edge devices, networking and virtualization platforms, and mobile systems; the report highlights involvement from Chinese state-sponsored groups (e.g., UNC3886, UNC5221), commercial spyware vendors, and financially motivated actors (FIN11, CL0P), cites multiple high-risk CVEs (e.g., CVE-2025-21590, CVE-2025-0282, CVE-2025-40602, CVE-2025-61882, CVE-2025-8088, CVE-2025-21042), and recommends defense-in-depth measures such as asset segmentation, driver blocklists, and SBOMs.