The ups and downs of 0-days

In 2022, researchers detected and disclosed 41 in-the-wild zero-day vulnerabilities — the second-highest yearly total since tracking began — and identified key trends: long Android patching windows turning n-days into effective 0-days, a shift toward 0-click exploits and non-browser targets, a large fraction of 0-days being variants of earlier bugs, and increased occurrences of multiple parties colliding on the same vulnerabilities; the report urges faster patching, broader mitigations, and greater vendor-defender collaboration.