Google’s 2024 Zero-Day Report: Key Trends, Targets, and Exploits

Google’s 2024 Zero-Day Report documents 75 zero-days actively exploited before patching, showing a trend toward targeted attacks against enterprise infrastructure (firewalls, VPNs, security appliances) and continued use of long-standing flaw classes (use-after-free, command injection, XSS); attribution includes state-backed groups (China, North Korea), commercial surveillance vendors, and financially motivated actors, with several high-impact exploit chains and CVEs highlighted.