Overview

• Google's Threat Intelligence Group recorded 75 zero-day vulnerabilities exploited in 2024, down from 97 in 2023 but continuing an overall upward trend.
• Over half of the attributed zero-day attacks were linked to state-sponsored hackers and commercial surveillance vendors, with China and North Korea each responsible for five exploits.
• Enterprise technologies accounted for 44% of zero-day exploits in 2024, with security and networking products making up over 60% of these attacks.
• Exploits targeting end-user platforms like browsers and mobile devices declined, reflecting improved vendor security measures and proactive defenses.
• Google anticipates steady growth in zero-day exploitation, urging vendors to adopt secure-by-design practices and enhance vulnerability management.