Google’s Threat Analysis Group (TAG) and Mandiant produced a first-ever joint report that digs into the zero-day vulnerabilities that were exploited in 2023 to better understand threat actor behavior and key trends. The report shows 97 zero-day vulnerabilities were exploited in 2023, 50 percent more than the 62 in 2022, but slightly less than the 106 peak in 2021. It also focuses on two main categories of vulnerabilities: end-user platforms and products, and enterprise-focused technologies.

Some key zero-day findings from the report include:

• Vendors' security investments are working, making certain attacks harder.
• Attacks increasingly target third-party components, affecting multiple products.
• Enterprise targeting is rising, with more focus on security software and appliances.
• Commercial surveillance vendors lead browser and mobile device exploits.
• People’s Republic of China (PRC) remains the top state-backed exploiter of zero-days.
• Financially-motivated attacks proportionally decreased.

These findings show an interesting shift in the zero-day landscape, with security investments into OS and software mitigations forcing attackers to find new attack surfaces and bug patterns. Attackers are focusing more on third-party components as well as targeting enterprise security software and appliances. For more information, visit Google or SecurityWeek.