“Consistent with the trend we have observed for nearly a decade, in comparison to other state sponsors, PRC-nexus groups remained the most prolific users of zero-day vulnerabilities in 2025. These groups, such asUNC5221andUNC3886, continued to focus heavily on security appliances and edge devices to maintain persistent access to strategic targets,” Google said in its report.Enterprises increasingly targetedGoogle highlighted that 43 of the zero-days, representing nearly half of the total, affected enterprise technologies, which is an all-time high.Many attacks were aimed at networking and cybersecurity appliances with the goal of gaining initial access.“Increased exploitation of security and networking devices highlights the critical risk that can be posed by trusted edge infrastructure, while targeting of enterprise software exhibits the value of highly interconnected platforms that provide privileged access across networks and data assets,” Google explained.Google believes AI will be increasingly used in 2026. While threat actors will leverage AI to accelerate vulnerability discovery and exploit development, defenders can use it to enhance security operations, including proactively discovering unknown vulnerabilities and neutralizing them before they are weaponized.Additional information and insights can be found in Google’sfull report.Related:Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global AttacksRelated:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
Google highlighted that 43 of the zero-days, representing nearly half of the total, affected enterprise technologies, which is an all-time high.Many attacks were aimed at networking and cybersecurity appliances with the goal of gaining initial access.“Increased exploitation of security and networking devices highlights the critical risk that can be posed by trusted edge infrastructure, while targeting of enterprise software exhibits the value of highly interconnected platforms that provide privileged access across networks and data assets,” Google explained.Google believes AI will be increasingly used in 2026. While threat actors will leverage AI to accelerate vulnerability discovery and exploit development, defenders can use it to enhance security operations, including proactively discovering unknown vulnerabilities and neutralizing them before they are weaponized.Additional information and insights can be found in Google’sfull report.Related:Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global AttacksRelated:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
Many attacks were aimed at networking and cybersecurity appliances with the goal of gaining initial access.“Increased exploitation of security and networking devices highlights the critical risk that can be posed by trusted edge infrastructure, while targeting of enterprise software exhibits the value of highly interconnected platforms that provide privileged access across networks and data assets,” Google explained.Google believes AI will be increasingly used in 2026. While threat actors will leverage AI to accelerate vulnerability discovery and exploit development, defenders can use it to enhance security operations, including proactively discovering unknown vulnerabilities and neutralizing them before they are weaponized.Additional information and insights can be found in Google’sfull report.Related:Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global AttacksRelated:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
“Increased exploitation of security and networking devices highlights the critical risk that can be posed by trusted edge infrastructure, while targeting of enterprise software exhibits the value of highly interconnected platforms that provide privileged access across networks and data assets,” Google explained.Google believes AI will be increasingly used in 2026. While threat actors will leverage AI to accelerate vulnerability discovery and exploit development, defenders can use it to enhance security operations, including proactively discovering unknown vulnerabilities and neutralizing them before they are weaponized.Additional information and insights can be found in Google’sfull report.Related:Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global AttacksRelated:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
Google believes AI will be increasingly used in 2026. While threat actors will leverage AI to accelerate vulnerability discovery and exploit development, defenders can use it to enhance security operations, including proactively discovering unknown vulnerabilities and neutralizing them before they are weaponized.Additional information and insights can be found in Google’sfull report.Related:Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global AttacksRelated:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
Additional information and insights can be found in Google’sfull report.Related:Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global AttacksRelated:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
Related:Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global AttacksRelated:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
Related:Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the WildRelated:Android Update Patches Exploited Qualcomm Zero-Day
Related:Android Update Patches Exploited Qualcomm Zero-Day
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek
