A new report from Google found that nearly half of the zero-day bugs it tracked last year exploited enterprise devices, a record high for hackers who are increasingly finding new ways to target large companies and steal data.
According to the search and security giant's annual report, 48% of tracked zero-days (software vulnerabilities unknown to the manufacturer at the time of exploitation) were found in technology used by enterprises. Approximately half of these zero-days exploited the very devices designed to protect corporate networks from digital intruders.
Google said makers of security and networking devices, such as firewalls from Cisco and Fortinet, and of VPN and virtualization platforms, such as Ivanti and VMware, were among the top vendors targeted last year. All four companies said hackers had exploited their products on customer networks in recent months.
Google researchers say hackers exploited common flaws, such as input validation bugs and incomplete authentication processes, to bypass firewall and VPN defenses and gain access to customer networks. These classes of bugs are generally easy to exploit, but require software updates to fix.
The company also pointed to other buggy software that makes up the other half of enterprise zero-days. Google noted that the Clop extortion group's campaign against Oracle E-Business Suite customers allowed hackers to exfiltrate large amounts of human resources data on employees and executives at dozens of companies. The hack affected Harvard University, American Airlines subsidiary Envoy, and the Washington Post, among others.
The remaining 52% of zero-day bugs were found in consumer and end-user products, including products manufactured by Microsoft, Google, and Apple, according to the report. Most consumer software zero-days occur in operating systems, and mobile devices are also experiencing more zero-days than last year.
Google also said there are more zero-days from surveillance vendors than from traditional government-backed spy groups. Surveillance vendors are typically spyware makers and exploit developers who hack people's phones on behalf of governments. Google said the change signals a “slow but steady shift” in the way governments seek access to hacking tools.

