Google Alerts to 75 Zero-Day Vulnerabilities Exploited in the Wild

Google’s Threat Intelligence Group (GTIG) has reported a total of 75 zero-day vulnerabilities exploited in the wild during 2024, a figure that denotes a reduction from the 98 observed in 2023, but still an uptick from 2022’s tally of 63.

The findings highlight an evolving threat landscape, with particular emphasis on the expansion of attacks beyond traditional end-user platforms to include a wider array of enterprise-focused technologies, such as security appliances and networking software.

Enterprise Technologies Emerge as Prime Targets in 2024

Zero-days, vulnerabilities actively exploited before a vendor patch, remain a sought-after weapon for sophisticated threat actors.

GTIG’s data, which synthesizes internal threat tracking with open-source breach investigations, shows that while overall numbers have fluctuated year-on-year, the underlying trend of zero-day exploitation is on a gradual but consistent rise, driven in part by improved detection and more transparent public disclosures.

A key trend in 2024 is the intensified targeting of enterprise products. Of the 75 zero-days tracked, 44% (33 vulnerabilities) impacted enterprise technologies, a record high, while the remainder affected end-user systems such as browsers, desktops, and mobile operating systems.

Notably, security and networking appliances comprised more than 60% of enterprise-specific exploitation, with vendors like Ivanti, Palo Alto Networks, and Cisco being frequently affected.

These products, which often serve as critical infrastructure within organizations, offer attackers a high-impact vector for system and network compromise due to their privileged access and operational centrality.

Decrease in Browser and Mobile Exploitation Observed as Threat Actors Diversify

Conversely, the exploitation of browsers and mobile devices has declined, with notable drops in zero-days targeting both areas.

For browsers, Google Chrome remained the primary focus, likely reflecting its global user base, while mobile device zero-days increasingly exploited third-party components within the Android ecosystem.

Desktop operating systems, particularly Microsoft Windows, however, experienced a surge, accounting for almost 30% of all zero-day cases in 2024, a stark increase from 2023.

From an attribution standpoint, over half of the identified zero-day exploits were tied to cyber espionage actors.

State-sponsored groups, particularly those backed by China and North Korea, persist as dominant players.

For the first time, North Korean actors matched Chinese groups in the number of zero-day exploits attributed to them, with a mix of financially motivated and espionage-driven campaigns.

Additionally, commercial surveillance vendors (CSVs) continue to facilitate access to zero-day exploits for a variety of customers, despite a slight dip in their attributed activity compared to last year, a trend possibly linked to improved operational security practices among CSVs.

Technically, the most frequently exploited vulnerability types included use-after-free errors, command and code injections, and cross-site scripting (XSS), all pointing to persistent software development shortcomings.

The predominance of such vulnerabilities underscores the critical need for safe coding practices, regular code reviews, and the remediation of legacy systems.

To counteract this expanding threat landscape, GTIG urges vendors, especially those in the enterprise technology sector, to elevate their security architectures, apply least-privilege principles, and invest in tooling that enables continuous monitoring, even in environments where endpoint detection and response (EDR) coverage is limited.

Google’s report underscores the importance of proactive mitigation, threat surface awareness, and coordinated vulnerability disclosure in reducing the lifecycle and impact of zero-day exploits.

As threat actors diversify their targets and tactics, the balance of power in zero-day exploitation will continue to reflect both the resilience of vendor security investments and the adaptability of adversarial techniques.

The report concludes that while notable progress has been made, the steady pace of zero-day activity signals an ongoing and dynamic cyber risk landscape for both consumers and enterprises.


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
