75 zero-day exploitations spotted by Google, governments increasingly responsible for attacks

• Google observed 75 zero-day bugs last year
• Most were used by state-sponsored actors
• Countries like China and North Korea were specifically mentioned

In 2024, Google’s Threat Intelligence Group (GTIG) discovered 75 zero-day vulnerabilities, and argued that the majority were used in state-sponsored hacking campaigns. The company made these claims in “Hello zero-day my old friend, a 2024 exploitation analysis” paper published recently.

In the report, Google says that the number of zero-day flaws dropped compared to 2023 (from 98 to 75). However, the four-year trend is that the rate of zero-day exploitation “continues to grow at a slow but steady pace.”

While consumer devices continue to be the most attacked targets, there is an increase in adversaries exploiting enterprise-specific technologies. In 2023, roughly a third (37%) of zero-days targeted enterprise products, jumping to 44% last year. This, Google says, is primarily fueled by the increased ...