Zero-day vulnerabilities: A growing cybersecurity threat

‘Zero-day attacks’ are considered to be among the most insidious and challenging cyber threats currently facing enterprises, as they leverage vulnerabilities in software that have not yet been identified by manufacturers. Once cybercriminals have gained access to these systems, they can launch cyber attacks that steal sensitive information or cause significant disruption to business operations. A recent report by Google’s Threat Intelligence Group found 75 zero-day vulnerabilities in 2024. While this is fewer than the 98 identified the previous year, it is a concerning trend. These vulnerabilities highlight the ongoing use of these techniques by hackers hired by governments and cybercrime groups. In particular, five attacks were attributed to groups supported by China and North Korea, highlighting the strategic use of these vulnerabilities for intelligence and financial purposes. Furthermore, it was found that over half of the vulnerabilities identified were exploited in cyber espionage operations. Google’s analysis revealed a decline in zero-day exploitation of targets such as browsers and mobile operating systems, partly due to advances in combating cyberattacks by software vendors.