Google warns that cybercriminals have exploited 90 zero-day security vulnerabilities.
Year after year, cyberattacks that exploit previously unknown vulnerabilities increase. According to a report from Google's Threat Intelligence team, 90 zero-day vulnerabilities were actively exploited in 2025, representing a 15% increase from 2024.
To clarify, zero-day vulnerabilities are security flaws in software or systems that attackers exploit before the manufacturer becomes aware of the problem or releases an update to fix it. These flaws are especially valuable to cybercriminals because they enable initial system access, remote code execution, and privilege escalation.
According to the report prepared by Google's Threat Intelligence team, of the 90 vulnerabilities exploited last year, 47 affected end-user platforms, while 43 targeted enterprise products.
Among the types of flaws discovered were remote code execution vulnerabilities, injection errors, and memory corruption problems.
One of the most notable findings is that memory security vulnerabilities accounted for approximately 35% of all zero-day vulnerabilities exploited last year.
In the enterprise sector, the most targeted systems were security devices, network infrastructure, virtualization platforms, and virtual private network (VPN) services. These systems are particularly attractive to attackers because they provide privileged access to corporate networks.
The report also indicates that operating systems were the most frequent target. Last year, attacks exploiting 24 previously unknown vulnerabilities in desktop systems and 15 in mobile platforms were recorded.
Interestingly, the number of exploited security vulnerabilities in web browsers has dropped to just eight cases, a much lower number than in previous years.
Among the manufacturers most affected, Microsoft stands out with 25 exploited security vulnerabilities. Google follows with 11, and then Apple with 8.
Researchers also warn that the use of artificial intelligence tools could accelerate the discovery of security vulnerabilities and the development of exploits. Therefore, the number of attacks exploiting zero-day vulnerabilities is expected to remain high throughout 2026.