
Spyware Vendors, China Hackers Led 2025 Zero-Days

#zero-day #spyware #espionage #google-threat-intelligence-report

Record 2025 zero-days hit enterprise tech: secure the edge in front of your AI infrastructure now

30-Second TL;DR

What Changed

Google's Threat Intelligence Group (GTIG, which absorbed the former TAG) puts 2025 in-the-wild zero-day exploitation at an all-time high, led for the first time by commercial surveillance vendors rather than state groups.

Why It Matters

Most of the 2025 zero-days hit enterprise technology (routers, firewalls, VPN and security appliances, operating systems) rather than browsers. Those devices sit in front of cloud APIs, model endpoints and the rest of an enterprise AI deployment, usually without EDR coverage, so a zero-day in the edge is a zero-day against the AI stack behind it, and state-sponsored and spyware-vendor actors are the ones buying and using them.

What To Do Next

Inventory the edge devices, operating systems and browsers on the path to your AI workloads, check their versions against the CVEs GTIG names in its 2025 report, and prioritise appliances that cannot run EDR.

Who should care: Enterprise & Security Teams

Deep Insight

Web-grounded analysis with 10 cited sources.

Enhanced Key Takeaways

  • Commercial surveillance vendors were behind 15 of the 42 zero-days GTIG could attribute, surpassing state-sponsored espionage groups (12) for the first time[1][2].
  • China-nexus espionage groups exploited at least 10 zero-days, double their 2024 count; UNC3886 used CVE-2025-21590 against Juniper MX routers[2].
  • Operating systems were the most exploited category with 39 zero-days, 15 of them in mobile operating systems; browsers fell below 10% of the total as sandboxing and memory-safety hardening raised the cost of exploitation[3].
  • Google patched 8 exploited zero-days in Chrome during 2025, including the V8 type confusion flaws CVE-2025-10585 and CVE-2025-13223, both linked to spyware vendors[5].

๐Ÿ› ๏ธ Technical Deep Dive

  • CVE-2025-10585: Type confusion in Chrome's V8 JavaScript engine, allowing heap corruption from a crafted HTML page; Google shipped the fix within a day of GTIG reporting it[5].
  • CVE-2025-13223: A second V8 type confusion, exploited in espionage by spyware vendors that sell full exploit chains to government customers; the seventh Chrome zero-day patched in 2025[5].
  • Operation ForumTroll chain: An undisclosed renderer exploit paired with the CVE-2025-2783 sandbox escape to deploy the Trinper backdoor; the same sandbox-escape pattern prompted Mozilla's CVE-2025-2857 fix in Firefox[5].
  • SonicWall attacks: Authentication bypass, remote code execution and privilege escalation bugs chained together against enterprise appliances[3].
  • CVE-2025-21590: Improper isolation or compartmentalization in Junos OS on Juniper MX routers, exploited by UNC3886 to gain persistent access to router internals[2].
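The first practical step a blue team takes against the Chrome bugs above is a fleet-wide version check, and the usual mistake is comparing Chrome's four-part versions as strings. The script below is an added example written for this page, not code from Google or from the article's sources: it parses versions numerically and reports which hosts in a constructed (fictional) inventory still predate the fix for each named CVE. The minimum fixed build per CVE is supplied by the editor from the Chrome stable-channel release notes for each fix and is not stated on the page; confirm it against the advisory for your platform before acting on the output.

```python
"""Flag Chrome installs still exposed to the 2025 zero-days named above."""
from dataclasses import dataclass

# Minimum fixed stable builds per CVE. Editor-supplied from the Chrome
# stable-channel release notes (not from the article); Windows/Mac and Linux
# builds differ in the last component, so the lower one is used here.
FIXED_BUILD = {
    "CVE-2025-2783": "134.0.6998.177",   # sandbox escape (Operation ForumTroll)
    "CVE-2025-10585": "140.0.7339.185",  # V8 type confusion
    "CVE-2025-13223": "142.0.7444.175",  # V8 type confusion
}


def parse_version(v: str) -> tuple[int, ...]:
    """Chrome versions are four dot-separated integers. Compare them
    numerically: as strings, "140.0.7339.9" sorts AFTER "140.0.7339.185"."""
    parts = v.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {v!r}")
    return tuple(int(p) for p in parts)


def exposed_cves(installed: str) -> list[str]:
    """CVEs whose fix landed in a build newer than the installed one."""
    iv = parse_version(installed)
    return [cve for cve, fixed in FIXED_BUILD.items() if iv < parse_version(fixed)]


@dataclass
class Host:
    name: str
    chrome_version: str


def audit(hosts: list[Host]) -> dict[str, list[str]]:
    """Map hostname -> unpatched CVEs; hosts with nothing to report are omitted.
    An unparseable version is itself a finding (unknown state is not 'patched')."""
    findings: dict[str, list[str]] = {}
    for h in hosts:
        try:
            gaps = exposed_cves(h.chrome_version)
        except ValueError as e:
            gaps = [f"unparseable version ({e})"]
        if gaps:
            findings[h.name] = gaps
    return findings


# Constructed sample inventory for the example; these are not real hosts.
SAMPLE_HOSTS = [
    Host("ws-01", "142.0.7444.176"),  # carries all three fixes
    Host("ws-02", "140.0.7339.9"),    # looks newer than .185 as a string, is older
    Host("ws-03", "134.0.6998.35"),   # predates every fix listed
    Host("kiosk-7", "unknown"),       # inventory gap, reported rather than skipped
]

if __name__ == "__main__":
    for host, gaps in audit(SAMPLE_HOSTS).items():
        print(f"{host}: {', '.join(gaps)}")
```

Feed it whatever your inventory system exports (a CSV of hostname and `chrome --version` output is enough); the point is that `ws-02` is only caught because the comparison is numeric.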

Future Implications

AI will accelerate zero-day discovery and exploit development by threat actors in 2026
GTIG expects threat actors to use AI to speed up and scale vulnerability research and exploit development, while defenders can apply the same tooling to find and fix flaws earlier[2][3][10].
Enterprise edge devices will face sustained high-risk targeting
Nearly half of the 2025 zero-days hit enterprise technology such as routers, firewalls and VPN appliances, which typically cannot run EDR; state-backed groups exploit detailed knowledge of those devices' internals, and there is no sign of that pressure easing[2][4].

โณ Timeline

2021
GTIG begins tracking FIN11 zero-day exploitation in financial campaigns
2023
98 zero-days exploited in the wild, the highest annual count GTIG has recorded
2024
75 zero-days tracked, 33 (44%) of them in enterprise technology; China-nexus groups attributed 5
2025-02
GTIG captures Coruna iOS exploit chain from surveillance vendor customer
2025-04
Samsung zero-day vulnerability patched after Project Zero analysis
2025-09
GTIG tracks FIN11/CL0P extortion using zero-days; Chrome CVE-2025-10585 patched

AI-curated news aggregator. All content rights belong to original publishers.
Original source: cnBeta (Full RSS)