Zero-Day Exploits Increase 46 Percent, Affecting Major Tech Companies Such as Microsoft and Google (BHUSA Report)
In the first half of 2025, the global cybersecurity landscape witnessed a significant escalation in threats, according to the H1 2025 Threat Review by Forescout Research - Vedere Labs. Here's a rundown of the key findings:
Google products experienced the second-highest volume of zero-day exploits, accounting for 11% of the total. Microsoft products, on the other hand, accounted for around a third (30%) of the zero-day exploits, making them a prime target for cybercriminals.
The number of monthly new Common Vulnerabilities and Exposures (CVEs) averaged a staggering 3930, marking a 15% increase compared to the same period in 2024. This surge in vulnerabilities has been a major concern for cybersecurity experts worldwide.
Ransomware attacks grew 36% year-over-year, with 3649 documented attacks in H1 2025. These attacks were recorded in 112 countries, a 9% increase from the 103 countries impacted in H1 2024. Ransomware actors increasingly targeted non-traditional equipment, such as edge devices, IP cameras, and Berkeley Software Distribution (BSD) servers.
The blurred lines between hacktivists and nation-state groups were highlighted by the researchers. For instance, Iran-aligned hacktivist groups heavily targeted critical Operational Technology (OT) environments, while the VanHelsing group introduced a multi-platform encryptor that includes support for BSD UNIX.
The report also shed light on the motivations behind these cyber threats. 51% of the observed threat actors were financially motivated cybercriminals, 40% were state-sponsored actors, and 9% were hacktivists.
China was the country of origin for the highest proportion of these threat actors, at 33%. The provided sources do not explicitly list the other countries, Germany included, from which the most threat actors with notable activity in H1 2025 originated. Germany was, however, highlighted as one of the top five countries most affected by ransomware attacks and cyber threats in 2024.
Daniel dos Santos, head of research at Forescout, commented that Iranian-aligned groups are using more aggressive, state-influenced disruption tactics masked as activism. He also noted that these devices, often used as footholds to enable lateral movement across IT, OT, and IoT environments due to their lack of endpoint detection and response (EDR), are increasingly being targeted by these threat actors.
The report also highlighted a concerning trend: the number of vulnerabilities published per day averaged 130, and a total of 23,583 vulnerabilities were published in the first half of 2025. Moreover, 132 CVEs were added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities (KEV) catalog in H1 2025, marking an 80% year-over-year rise.
Apple, Ivanti, Qualcomm, and VMware also had significant volumes of zero-day exploits, with 27 vendors in total having products impacted by zero-days.
This report serves as a stark reminder of the ever-evolving nature of cyber threats and the need for continuous vigilance and proactive measures to combat them. As we move forward, it's crucial for organisations to prioritise cybersecurity to protect their assets and maintain business continuity.