Google reveals the nastiest zero-days it tracked this year

Cyber attack
Image Credit: Shutterstock (Image credit: No credit)

The number of zero-day vulnerabilities exploited in the wild continued on an upward trajectory in 2023, posing a worrying question for businesses and consumers alike, new research from Google's security experts has claimed.

A new report from Mandiant and Google's own Threat Analysis Group (TAG) analyzed the zero-day landscape, noting hackers were focused on third-party components and libraries, as that allowed them faster and easier scaling, for maximum impact.

According to the analysis, there were 87 zero-day vulnerabilities exploited in the wild last year, more than 50% compared to the year before (62). However, the year was somewhat better than the record-breaking 2021, when 106 zero-days were abused.

Nation-state attacks on the rise

Enterprises were, and continue to be, a major target, with hackers casting an ever-wider net, while state-sponsored groups keep grabbing the larger piece of the overall hacking pie.

Last year, most hackers focused on third-party components and libraries. Google claims that this type of vulnerability can scale to affect more than one product, making it a prime attack surface. “We saw this theme repeated across threat actors of all motivations, seeking vulnerabilities in products or components that provided broad access to multiple targets of choice.”

As targets, enterprise entities grew even more popular, and more varied last year. Google observed hackers increasingly targeting enterprise-specific technologies, with the total number of zero-days abused here, up by almost two-thirds (64%) year-on-year. “This increase was fueled mainly by the exploitation of security software and appliances,” Google added.

The report also argues that nation-states are more interested in exploiting zero-days than financially motivated hacking groups. That being said, China is still the number one, with its groups exploiting 12 zero-days last year, up from 7 the year before. This was “more than we were able to attribute to any other state,” Google concluded.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
Android phone malware
Over 25 new malware variants created every single hour as smart device cyberattacks more than double in 2024
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
An illustration of a silhouetted thief in motion running while carrying a stolen fingerprint
The 5 worst cyberattacks of 2024
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC