Weekly Cybersecurity Report: Zero-Day Vulnerabilities Surge Amidst Ransomware Developments

By Tina Reynolds

In a major new report focused on cybersecurity trends, Google announced it is now tracking 90 zero-day vulnerabilities exploited in the wild as of 2025. This is up from 78 vulnerabilities in FY 2024 and down from the 100 identified in 2023. Hacker-for-hire groups have targeted enterprise technologies almost exclusively in a year dominated by financially motivated groups, accounting for nine of the zero-days discovered.

Mobile zero-days experienced a significant resurgence, jumping from nine in 2024 to 15 in 2025. Simultaneously, commercial surveillance vendors were at the forefront of weaponizing these very same vulnerabilities. This shift highlights a troubling trend in the exploitation of zero-day vulnerabilities: criminal enterprises have recognized and exploited these flaws, affecting both individual and organizational victims.

At the same time, the cybersecurity community is still reeling from the impact of ransomware. Evgenii Ptitsyn, a 43-year-old Russian national, appeared in a Manhattan federal court to plead guilty over his leadership of the Phobos ransomware operation. The operation hit more than 1,000 victims globally with ransomware and extorted ransom payments of at least $39 million. Ptitsyn faces a maximum penalty of 20 years in prison on each of the three counts of wire fraud charged.

Trends in Zero-Day Vulnerabilities

The data made publicly available by Google points to zero-day vulnerabilities being an ongoing issue that cybersecurity professionals have to deal with. The rise back to 90 vulnerabilities in 2025 shows that we are still in an arms race between security professionals and cybercriminals.

The total number of zero-days has fluctuated over the last few years, while the targeting of enterprise technologies has come sharply into view. Numerous financially motivated threat groups have exploited these vulnerabilities to carry out widespread cyber operations.

Mobile platforms are not immune to these risks. Mobile zero-days rose from nine to 15. This swift increase is a clear indicator that attackers are increasingly trying to exploit weaknesses in mobile applications and services. This worrying trend highlights the critical need for improved security features on every platform.

Ransomware Landscape and Financial Implications

Ransomware is still an urgent problem, with total payments plateauing over the years even as more attacks happen. The median ransom payment skyrocketed by 368% year-over-year to almost $60,000, indicative of the increasing desperation felt by victims.

Evgenii Ptitsyn’s case is another illustration of the deep impact and economic cost of ransomware attacks. The Phobos ransomware is wreaking havoc on thousands of organizations across the globe, a testament to the kind of financial damage that cybercriminals can cause.

Authorities have seized about $174 million in cash and financial assets related to ransomware operations. This move shows a robust commitment to advancing the fight against cybercrime.

“The trajectory is clear: what began as nation-state-level capability has become, by 2026, something any motivated actor can attempt with free tools and an internet connection.” – CloudSEK

Emerging Threats and Exploitable Weaknesses

The cyber threat landscape is continuously evolving. Just last month, the Iranian hacking group MuddyWater kicked off a campaign that broadly affects American infrastructure, hitting at least seven U.S. companies, including banks and airports. This campaign, which started in early February 2026, is an alarming development that reflects the increasing trend of state-sponsored attacks on critical social infrastructure.

Researchers have demonstrated that Wi-Fi client isolation is easily circumvented. This has major implications for groups that rely on this important security feature. Attackers take advantage of three major flaws in client isolation implementations across Wi-Fi networks, which raises immediate concern over the need for better security measures.

As adversaries grow their capability with an increasing number of attacks, experts highlight the need for strong defenses at every layer of the network. With tools becoming so easily accessible, it’s imperative that organizations stay vigilant and adopt forward-thinking cybersecurity strategies.

“Rather than a breakthrough in technical sophistication, we are seeing a transition toward AI-assisted malware industrialization that allows the actor to flood target environments with disposable, polyglot binaries.” – Bitdefender