date 2025-04-22

Previously unknown "zero-day" software vulnerabilities are mysterious and intriguing as a concept. But they're even more noteworthy when hackers are spotted actively exploiting the novel software flaws in the wild before anyone else knows about them. As researchers have expanded their focus to detect and study more of this exploitation, they're seeing it more often. Two reports this week from the threat intelligence firm Mandiant and Google's bug hunting team, Project Zero, aim to give insight into the question of exactly how much zero-day exploitation has grown in recent years.

[...] "We started seeing a spike early in 2021, and a lot of the questions I was getting all through the year were, 'What the heck is going on?!'" says Maddie Stone, a security researcher at Project Zero. "My first reaction was, 'Oh my goodness, there's so much.' But when I took a step back and looked at it in the context of previous years, to see such a big jump, that growth actually more likely is due to increased detection, transparency, and public knowledge about zero-days."

[...] While awareness and detection efforts have increased, James Sadowski, a researcher at Mandiant, emphasizes that he does see evidence of a shift in the landscape.

"There are definitely more zero-days being used than ever before," he says. "The overall count last year for 2021 shot up, and there are probably a couple of factors that contributed, including the industry's ability to detect this. But there's also been a proliferation of these capabilities since 2012," the year that Mandiant's report looks back to. "There's been a significant expansion in volume as well as the variety of groups exploiting zero-days," he says.