Google says 90 zero-days were exploited in attacks last year

Google Threat Intelligence Group reports 90 zero-day vulnerabilities were exploited in 2025 (a 15% increase from 2024), affecting both end-user platforms and enterprise products; memory-safety issues made up 35% of exploited flaws, Microsoft was the most-targeted vendor, and commercial spyware vendors emerged as the largest users of undocumented flaws. The report notes targeted systems include security appliances, networking and virtualization, highlights state-linked and financially motivated actors, and recommends reducing attack surface, vigilant monitoring, and rapid patching.