Zero-day Exploits in Enterprise Tech Surge by 64% in 2023, Google Reports
The increase in enterprise-specific zero-day vulnerabilities outpaces the increase in zero-day bugs overall, with significant contributions from state-sponsored and commercial surveillance actors.
- Google's Threat Analysis Group and Mandiant tracked 97 zero-day vulnerabilities in 2023, a notable increase from the previous year.
- Enterprise-specific technology zero-days increased by 64% compared to 2022, highlighting a shift towards targeting enterprise software and appliances.
- Significant advancements in end-user platform security have been made, with investments by Apple, Google, and Microsoft reducing the number of exploitable zero-days.
- Commercial surveillance vendors and government cyberspies were the primary exploiters of zero-days, with China leading in state-sponsored attacks.
- Recommendations include embracing transparency, building strong security foundations, and preparing for in-the-wild zero-day discoveries.