Chinese state hackers and spyware vendors are fueling a rise in zero-day attacks, which increasingly target enterprise software and devices — security and networking products in particular.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities exploited in 2025, with Chinese state-sponsored groups doubling their count and commercial surveillance vendors surpassing state actors in attributed zero-days for the first time. Nearly half of all zero-days targeted enterprise technologies, especially security appliances, VPNs, and networking devices. The window between public disclosure and active exploitation is shrinking — nearly a third of exploited vulnerabilities were attacked on or before their disclosure date. Ransomware groups also doubled their zero-day usage. Recommendations include network segmentation, emergency patching processes, software bills of materials, real-time asset inventories, and least-privilege architecture to reduce exposure.

Zero-day exploits hit enterprises faster and harder