Google reveals the nastiest zero-days it tracked this year

News
By published

Nation-states are more interested in exploiting zero-days

Cyber attack
Image Credit: Shutterstock (Image credit: No credit)

The number of zero-day vulnerabilities exploited in the wild continued on an upward trajectory in 2023, posing a worrying question for businesses and consumers alike, new research from Google's security experts has claimed.

A new report from Mandiant and Google's own Threat Analysis Group (TAG) analyzed the zero-day landscape, noting hackers were focused on third-party components and libraries, as that allowed them faster and easier scaling, for maximum impact.

According to the analysis, there were 87 zero-day vulnerabilities exploited in the wild last year, more than 50% compared to the year before (62). However, the year was somewhat better than the record-breaking 2021, when 106 zero-days were abused.

Nation-state attacks on the rise

Enterprises were, and continue to be, a major target, with hackers casting an ever-wider net, while state-sponsored groups keep grabbing the larger piece of the overall hacking pie.

Last year, most hackers focused on third-party components and libraries. Google claims that this type of vulnerability can scale to affect more than one product, making it a prime attack surface. “We saw this theme repeated across threat actors of all motivations, seeking vulnerabilities in products or components that provided broad access to multiple targets of choice.”

As targets, enterprise entities grew even more popular, and more varied last year. Google observed hackers increasingly targeting enterprise-specific technologies, with the total number of zero-days abused here, up by almost two-thirds (64%) year-on-year. “This increase was fueled mainly by the exploitation of security software and appliances,” Google added.

The report also argues that nation-states are more interested in exploiting zero-days than financially motivated hacking groups. That being said, China is still the number one, with its groups exploiting 12 zero-days last year, up from 7 the year before. This was “more than we were able to attribute to any other state,” Google concluded.

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
Android phone malware
Over 25 new malware variants created every single hour as smart device cyberattacks more than double in 2024
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
An illustration of a silhouetted thief in motion running while carrying a stolen fingerprint
The 5 worst cyberattacks of 2024
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
More about security
Android Logo

Devious new Android malware uses a Microsoft tool to avoid being spotted
Google Chrome

Google Chrome security flaw could have let hackers spy on all your online habits
Samsung Odyssey G9 OLED gaming monitor against a cyan TechRadar deals background

Our favorite ultrawide OLED monitor just got a massive discount for the Amazon Spring Sale - get it now before it nearly doubles in price!
See more latest
Most Popular
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
Render of a new RTX 4000 Max-Q gaming laptop.
I can't say I'm surprised, but Nvidia's RTX 5090 laptop GPU has a big performance leap over its predecessor, according to early benchmarks
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Apple Music on a tablet, showing a new Listening Guide feature
Apple Music Classical just got 3 excellent perks in its biggest upgrade since launch
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound