Microsoft top company targeted with zero days in 2025, followed by Google and Apple: Full list here

Microsoft was the most targeted technology company in 2025, with 25 zero-day vulnerabilities actively exploited against its products, a new report from Google's Threat Intelligence Group (GTIG) has said. Google came second with 11, followed by Apple with eight. In total, GTIG tracked 90 zero-day vulnerabilities that were actively exploited throughout the year — a 15% jump from the 78 recorded in 2024, though still below the all-time record of 100 set in 2023.A zero-day vulnerability is a security flaw in software that attackers discover and exploit before the company that made the software even knows it exists. These flaws are extremely valuable to hackers who use it to break into systems, run malicious code remotely or gain elevated access to sensitive data.According to Google’s report, of the 90 zero-days tracked in 2025, 47 targeted everyday consumer products, for example things like operating systems (Microsoft Windows, Google’s Android and Apple’s iOS) and web browsers (Microsoft Edge, Google Chrome), while 43 targeted enterprise software used by businesses and organisations.Operating systems were the most heavily exploited category, the report said, adding that attackers used 24 zero-days against desktop operating systems and 15 against mobile platforms. On the enterprise side, the most targeted systems were security appliances, VPNs, networking infrastructure, and virtualization platforms — systems that give attackers broad access to a network and are often harder to monitor for suspicious activity.Web browsers, by contrast, were far less targeted than in previous years, with eight zero-days recorded. Google's analysts suggest this could mean browsers are getting harder to crack due to improved security, though they also note that hackers may simply be getting better at hiding their tracks.As mentioned, Microsoft was to top vendor with 25 zero-day exploits, followed by Google with 11, Apple with 8, and Cisco and Fortinet with 4 each, and Ivanti and VMware with 3 each.According to Google report, the flaws exploited ranged widely in type, including remote code execution bugs, privilege escalation flaws, injection attacks, and memory corruption issues. Memory safety problems alone accounted for 35% of all exploited zero-days last year.Among nation-states, the report said, China-linked hacking groups remained the most active. They exploited 10 zero-days in 2025 and targeted primarily networking equipment and security appliances. Financially motivated attackers were also a growing force, accounting for nine of the exploited flaws.