Security News > 2024 > March > Miscreants are exploiting enterprise tech zero days more and more, Google warns
Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams.
While 61 of the 97 zero-days affected end-user products last year, this number isn't increasing as rapidly as its enterprise counterparts.
Across these end-user platforms the Googlers did note an increase in zero-days across third-party components and libraries, which gives attackers more bang for their buck and allows them to exploit one bug while affecting multiple products.
Moving back to the enterprise zero-days, Google's threat hunters attribute the increase to buggy security software and appliances in 2023.
Ivanti had three zero-day exploits last year, as did North Grid Corporation, giving these two vendors the dubious honor of being the most-exploited enterprise tech in 2023 in terms of zero-days.
A couple of notable stats from the new zero-day report: CSVs were responsible for 75 percent of known zero-day exploits targeting Google products and Android ecosystem devices in 2023, and 55 percent targeting iOS and Safari.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/03/27/surge_in_enterprise_zero_days/
Related news
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)