\n<\/p>\n
A new report by Google found that about half of the zero-day bugs it tracked last year exploited enterprise devices, marking a new high for hackers who are increasingly finding new ways to target large companies and steal their data.<\/p>\n
According to the search and security giant\u2019s annual report<\/a>, 48% of the tracked zero-days \u2014 vulnerabilities in software that are unknown to its maker at the time they are exploited \u2014 were found in technologies used by corporations and large businesses. About half of those zero-days exploited the very devices that are designed to protect enterprise networks from digital intruders.<\/p>\n Google said security and networking devices, such as firewalls made by Cisco<\/a> and Fortinet<\/a>, and VPN and virtualization platforms like Ivanti<\/a> and VMware<\/a>, were among the top targeted vendors last year. All four of the companies said hackers have exploited their products on customer networks in recent months.<\/p>\n Google\u2019s researchers said that hackers exploited common flaws, like input validation and incomplete authorization processes, to break through firewall and VPN defenses to gain access to customer networks. These classes of bugs are generally easier to exploit, but typically require a software update to fix.\u00a0<\/p>\n The company also pointed to other buggy software that makes up the remaining half of enterprise zero-days. Google noted the Clop extortion gang\u2019s campaign against Oracle E-Business Suite customers, which allowed hackers to walk away with reams of human resources data from dozens of companies<\/a> about their staff and executives. The hacks affected Harvard University<\/a>, the American Airlines subsidiary Envoy<\/a>, and The Washington Post<\/a>, among others.<\/p>\n The remaining 52% of zero-day bugs were found in consumer and end-user products, such as those made by Microsoft, Google, and Apple, according to the report. Most of the zero-days in consumer software were found in operating systems, with mobile devices also seeing more zero-days than in previous years.<\/p>\n Google said it also attributed more zero-days to surveillance vendors than traditional government-backed espionage groups. Surveillance vendors are typically spyware makers and exploit developers, which work on behalf of governments to hack into people\u2019s phones. Google said this shift demonstrated \u201ca slow but sure movement in the landscape\u201d in how governments seek access to hacking tools.<\/p>\n Techcrunch event<\/p>\n \n\t\t\t\t\t\t\t\t\tSan Francisco, CA<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n<\/div>\n