A Shift From Browsers to Enterprise Targets: 2024 Zero-Day Exploitation Analysis

GTIG’s 2024 zero-day report found fewer total zero-days (75 vs. 98 in 2023) but a marked shift toward enterprise-focused exploitation: 44% of zero-days targeted enterprise software and networking appliances (notably VPNs, security gateways, and cloud tools), with security products themselves seeing substantial targeting. The analysis highlights high-impact exploit types (use-after-free, command injection, XSS), examples of chained WebKit and Firefox exploits (CVE-2024-44308/44309, CVE-2024-49039), and attributes over half of zero-day use to state-sponsored actors, warning that attackers increasingly prioritize privileged infrastructure to bypass endpoint defenses and recommending stronger secure-by-design, zero-trust, and access-hardening measures.