TZUTC: -0500   
   MSGID: 1080.consprcy@1:2320/105 2c776df2   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   75 zero-day exploitations spotted by Google, governments increasingly   
   responsible for attacks   
      
   Date:   
   Wed, 30 Apr 2025 12:00:00 +0000   
      
   Description:   
   Of all the zero-days abused in 2024, the majority were used in    
   state-sponsored attacks by China and North Korea.   
      
   FULL STORY   
      
   In 2024, Googles Threat Intelligence Group (GTIG) discovered 75 zero-day   
   vulnerabilities, and argued that the majority were used in state-sponsored   
   hacking campaigns. The company made these claims in Hello zero-day my old   
   friend, a 2024 exploitation analysis paper published recently.    
      
   In the report, Google says that the number of zero-day flaws dropped compared   
   to 2023 (from 98 to 75). However, the four-year trend is that the rate of   
   zero-day exploitation continues to grow at a slow but steady pace.    
      
   While consumer devices continue to be the most attacked targets, there is an   
   increase in adversaries exploiting enterprise-specific technologies. In 2023,   
   roughly a third (37%) of zero-days targeted enterprise products, jumping to   
   44% last year. This, Google says, is primarily fueled by the increased   
   exploitation of security and networking software and appliances.   
      
   Governments at it again   
      
   In fact, zero-day vulnerabilities in security software and appliances were a   
   high-value target in 2024. Google says it identified 20 security and   
   networking flaws, which was over 60% of all zero-day exploitation of   
   enterprise technologies. Since the exploitation of these products results in    
   a more efficient and extensive system and network compromise, Google expects   
   threat actors focus on these technologies to continue growing.    
      
   The biggest abusers of zero-day vulnerabilities are the governments, Google   
   says. Between government-backed groups and customers of commercial   
   surveillance vendors, actors conducting cyber espionage operations accounted   
   for over 50% of the vulnerabilities we could attribute in 2024, the report   
   says.    
      
   Google singled out China as a major player in this regard, but also mentioned   
   North Korea, whose operatives mixed espionage with financially motivated   
   operations.    
      
   The number of Windows exploits rose to 22 (from 16 the year before), while on   
   Safari and iOS it fell (from 11 and 9 to 3 and 2). Android retained its lucky   
   number 7, as did Chrome. Firefox was up from zero in 2023 to one in 2024.    
      
    Via Ars Technica   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/75-zero-day-exploitations-spotted-by-go   
   ogle-governments-increasingly-responsible-for-attacks   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426