In 2024, Google reported a total of 75 zero-day vulnerabilities actively exploited, marking a decrease from 98 in 2023 but an increase from 63 in 2022.

Of these vulnerabilities, 10 were linked to state-sponsored espionage, predominantly from China, Russia, and South Korea.

Enterprise products from companies like Ivanti, Palo Alto Networks, and Cisco emerged as attractive targets for threat actors due to their monitoring limitations and the severity of individual vulnerabilities.

Google's report highlights that software makers are enhancing defenses against zero-day attacks, making it increasingly difficult for exploit developers to find vulnerabilities.

Despite these advancements, Google predicts that zero-day exploitation will continue to rise, especially in enterprise technology.

In 2024, over half of the zero-days enabled remote code execution or privilege escalation, with common vulnerabilities including use-after-free, command injection, and cross-site scripting.

The report emphasizes the critical importance of robust security measures and timely updates to mitigate risks associated with zero-day vulnerabilities.

More than half of the zero-day attacks in 2024 were attributed to cyber-espionage actors, including government-backed groups and clients of commercial surveillance vendors.

The report indicates a shift in focus towards enterprise technologies, compelling vendors to enhance their security measures against rising zero-day exploitation.

Notable zero-day vulnerabilities exploited in 2024 included those affecting Ivanti Cloud Services Appliance, Cisco Adaptive Security Appliance, and Palo Alto Networks PAN-OS.

According to Google security engineer Clément Lecigne, spyware companies are improving their operational security to avoid negative exposure.

The Google Threat Intelligence Group anticipates a continued increase in zero-day attacks, underscoring the need for enterprises to strengthen their detection and response strategies.