2 min

Tags in this article

, , ,

Figures from Google show that last year there were 97 actively exploited zero-day vulnerabilities. In 2022, the number was still 62 vulnerabilities.

With this, the upward trend has returned. A year ago, the figures still showed a positive trend downward. According to Google data, the year 2021 marked a record with 106 vulnerabilities. 2022 showed an explosive decrease, but now the number of actively exploited zero-days is again nearing the previous record.

Most of the 97 vulnerabilities are related to end-user platforms and products, including mobile devices, operating systems, browsers, and other applications. 61 of the zero-days were related to such platforms. Windows (17 zero-days), Safari (11 zero-days), Android (9 zero-days), iOS (9 zero-days), and Chrome (8 zero-days) are the most actively exploited vulnerabilities in this category.

Google classifies the remaining zero-days as enterprise-focused technology, such as security software and appliances. Specifically, Google lists Barracuda Email Security Gateway, Cisco Adaptive Security Appliance, Ivanti Endpoint Manager Mobile and Sentry, and Trend Micro Apex One as services that account for a good portion of the actively abused zero-days. According to the figures, hackers also find enterprise technology increasingly interesting: in 2019, 11.8% of zero-days still affected this type of technology, while the percentage has now risen to 37.1%.


Of the 58 actively abused zero-days, Google was also able to determine the cybercriminals’ motives. 48 zero-days were used for espionage. Google attributes a large portion of these to China. Russia, North Korea, and Belarus could also be traced as countries abusing zero-days for espionage. Hackers whose motive was not espionage were mainly for financial gain.

Tip: Iranian state hackers carry out destructive attacks on Israel