A new Google report found that about half of the zero-day bugs it detected last year exploited corporate devices, marking a new high for hackers who are increasingly finding new ways to target large companies and steal their data.
According to the research and security giant's annual report, 48% of tracked zero days — vulnerabilities in software unknown to the developer at the time of exploitation — were found in technologies used by corporations and large enterprises. About half of those zero-days exploited the very devices designed to protect corporate networks from digital attackers.
Google said that security and networking appliances such as firewalls made by Cisco and Fortinet, as well as VPN and virtualization platforms such as Ivanti and VMware, were among the top vendors targeted last year. All four companies said hackers have exploited their products on customer networks in recent months.
Google researchers said hackers exploited common flaws, such as login validation and incomplete authorization processes, to penetrate firewall and VPN defenses to gain access to customer networks. These types of bugs are generally easier to exploit, but usually require a software update to fix.
The company also pointed to the other buggy software that makes up the other half of the company’s zero days. Google noted the Clop gang’s campaign against Oracle E-Business Suite customers, which allowed hackers to make off with tons of HR data from dozens of companies about their staff and executives. The hacks affected Harvard University, the American Airlines subsidiary Envoy, and the Washington Post, among others.
The remaining 52% of zero-day bugs were found in consumer and end-user products, such as those made by Microsoft, Google and Apple, according to the report. Most of the zero days in consumer software were found in operating systems, with mobile devices also having more zero days than in previous years.
Google also said it has attributed more zero days to surveillance vendors than to traditional government-backed spying groups. Surveillance vendors are usually spyware makers and exploit developers, who work on behalf of governments to hack into people’s phones. Google said this change showed “a slow but sure movement across the landscape” in how governments seek access to hacking tools.
