Nearly Half of 2025 Zero-Day Attacks Hit Corporate Infrastructure

Firewalls, VPNs, and virtualization platforms became prime targets as hackers increasingly attack the very systems meant to defend corporate networks.


Hackers Are Shifting Focus to Enterprise Infrastructure

A new Google security report reveals that 48% of zero-day vulnerabilities discovered in 2025 targeted enterprise technologies, the highest level the company has recorded.

Zero-days—software vulnerabilities unknown to vendors at the time they’re exploited—are among the most valuable tools in a hacker’s arsenal.

The report highlights a clear trend: attackers are increasingly focusing on corporate infrastructure rather than consumer software.

Key insight:

  • Nearly half of the enterprise zero-days targeted security devices themselves.

In other words, attackers are breaching the systems designed to keep them out.


Security Tools Becoming Prime Targets

According to Google’s researchers, hackers frequently exploited flaws in enterprise networking and security products.

Vendors most often targeted included:

  • Cisco – firewall and networking systems
  • Fortinet – enterprise security platforms
  • Ivanti – VPN and access management tools
  • VMware – virtualization and cloud infrastructure software

All four companies confirmed that attackers recently exploited vulnerabilities in their products on customer networks.

These devices are particularly attractive targets.

If compromised, they provide direct access to corporate networks, allowing attackers to move laterally across systems and access sensitive data.


Common Bugs, Big Consequences

Many of the exploited vulnerabilities were not exotic or highly complex.

Instead, attackers often relied on well-known categories of software flaws, such as:

  • Input validation errors
  • Incomplete authorization checks

While these vulnerabilities are generally easier to exploit, they still require vendors to release software patches before they can be fixed.

The challenge for companies is applying those patches quickly enough to close the window of opportunity for attackers.


Enterprise Software Breaches Expand

Beyond infrastructure tools, attackers also exploited vulnerabilities in other enterprise applications.

Google cited a campaign by the Clop extortion gang, which targeted Oracle E-Business Suite customers.

The attacks allowed hackers to extract large volumes of human resources data from corporate systems.

Organizations reportedly affected included:

  • Harvard University
  • Envoy Air, a subsidiary of American Airlines
  • The Washington Post

The stolen data reportedly included sensitive employee and executive information.


Consumer Software Still a Major Target

Despite the shift toward enterprise systems, consumer software still accounted for 52% of tracked zero-day vulnerabilities.

Many of those exploits were found in:

  • Operating systems
  • Mobile platforms

Major technology vendors such as Microsoft, Google, and Apple continued to face attacks targeting widely used consumer products.

However, the rising share of enterprise zero-days suggests attackers increasingly prefer high-value corporate targets.


Spyware Vendors Are Driving More Exploits

Google also observed a shift in who is developing these zero-day exploits.

The company attributed more vulnerabilities to surveillance vendors than to traditional government espionage groups.

These companies typically:

  • Build spyware tools
  • Develop exploits
  • Sell hacking capabilities to government customers

According to Google, this reflects a broader change in how governments acquire cyber capabilities.

Instead of building exploits internally, they are increasingly buying them from specialized private vendors.


A Changing Cybersecurity Battlefield

The report highlights a growing reality for large organizations.

Hackers are no longer just targeting end-user devices or consumer software.

Instead, they are increasingly attacking the digital infrastructure that underpins corporate networks.

When vulnerabilities appear in systems like firewalls, VPNs, or virtualization platforms, the potential damage multiplies.

For security teams, the takeaway is clear:

Protecting the gatekeepers may now be the most critical challenge in cybersecurity.


TL;DR
Google reports that 48% of zero-day exploits in 2025 targeted enterprise technologies, including firewalls, VPNs, and virtualization tools. Many attacks exploited common software flaws, while spyware vendors increasingly supplied exploits used by governments.

AI Summary

  • 48% of tracked zero-days in 2025 targeted enterprise tech.
  • Products from vendors such as Cisco, Fortinet, Ivanti, and VMware were heavily attacked.
  • Common vulnerabilities included input validation and authorization flaws.
  • Consumer software still accounted for 52% of zero-days.
  • Spyware vendors increasingly supply exploits to governments.