1. Forum
  2. Fidonet
  3. CONSPRCY

  • 75 zero-day exploitations

    From Mike Powell@1:2320/105 to All on Wed Apr 30 09:16:00 2025
    75 zero-day exploitations spotted by Google, governments increasingly responsible for attacks

    Date:
    Wed, 30 Apr 2025 12:00:00 +0000

    Description:
    Of all the zero-days abused in 2024, the majority were used in
    state-sponsored attacks by China and North Korea.

    FULL STORY

    In 2024, Googles Threat Intelligence Group (GTIG) discovered 75 zero-day vulnerabilities, and argued that the majority were used in state-sponsored hacking campaigns. The company made these claims in Hello zero-day my old friend, a 2024 exploitation analysis paper published recently.

    In the report, Google says that the number of zero-day flaws dropped compared to 2023 (from 98 to 75). However, the four-year trend is that the rate of zero-day exploitation continues to grow at a slow but steady pace.

    While consumer devices continue to be the most attacked targets, there is an increase in adversaries exploiting enterprise-specific technologies. In 2023, roughly a third (37%) of zero-days targeted enterprise products, jumping to
    44% last year. This, Google says, is primarily fueled by the increased exploitation of security and networking software and appliances.

    Governments at it again

    In fact, zero-day vulnerabilities in security software and appliances were a high-value target in 2024. Google says it identified 20 security and
    networking flaws, which was over 60% of all zero-day exploitation of
    enterprise technologies. Since the exploitation of these products results in
    a more efficient and extensive system and network compromise, Google expects threat actors focus on these technologies to continue growing.

    The biggest abusers of zero-day vulnerabilities are the governments, Google says. Between government-backed groups and customers of commercial
    surveillance vendors, actors conducting cyber espionage operations accounted for over 50% of the vulnerabilities we could attribute in 2024, the report says.

    Google singled out China as a major player in this regard, but also mentioned North Korea, whose operatives mixed espionage with financially motivated operations.

    The number of Windows exploits rose to 22 (from 16 the year before), while on Safari and iOS it fell (from 11 and 9 to 3 and 2). Android retained its lucky number 7, as did Chrome. Firefox was up from zero in 2023 to one in 2024.

    Via Ars Technica

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/75-zero-day-exploitations-spotted-by-go ogle-governments-increasingly-responsible-for-attacks

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)