TZUTC: -0500
MSGID: 1080.consprcy@1:2320/105 2c776df2
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
75 zero-day exploitations spotted by Google, governments increasingly
responsible for attacks

Date:
Wed, 30 Apr 2025 12:00:00 +0000

Description:
Of all the zero-days abused in 2024, the majority were used in 
state-sponsored attacks by China and North Korea.

FULL STORY

In 2024, Googles Threat Intelligence Group (GTIG) discovered 75 zero-day
vulnerabilities, and argued that the majority were used in state-sponsored
hacking campaigns. The company made these claims in Hello zero-day my old
friend, a 2024 exploitation analysis paper published recently. 

In the report, Google says that the number of zero-day flaws dropped compared
to 2023 (from 98 to 75). However, the four-year trend is that the rate of
zero-day exploitation continues to grow at a slow but steady pace. 

While consumer devices continue to be the most attacked targets, there is an
increase in adversaries exploiting enterprise-specific technologies. In 2023,
roughly a third (37%) of zero-days targeted enterprise products, jumping to
44% last year. This, Google says, is primarily fueled by the increased
exploitation of security and networking software and appliances.

Governments at it again

In fact, zero-day vulnerabilities in security software and appliances were a
high-value target in 2024. Google says it identified 20 security and
networking flaws, which was over 60% of all zero-day exploitation of
enterprise technologies. Since the exploitation of these products results in 
a more efficient and extensive system and network compromise, Google expects
threat actors focus on these technologies to continue growing. 

The biggest abusers of zero-day vulnerabilities are the governments, Google
says. Between government-backed groups and customers of commercial
surveillance vendors, actors conducting cyber espionage operations accounted
for over 50% of the vulnerabilities we could attribute in 2024, the report
says. 

Google singled out China as a major player in this regard, but also mentioned
North Korea, whose operatives mixed espionage with financially motivated
operations. 

The number of Windows exploits rose to 22 (from 16 the year before), while on
Safari and iOS it fell (from 11 and 9 to 3 and 2). Android retained its lucky
number 7, as did Chrome. Firefox was up from zero in 2023 to one in 2024. 

 Via Ars Technica

======================================================================
Link to news story:
https://www.techradar.com/pro/security/75-zero-day-exploitations-spotted-by-go
ogle-governments-increasingly-responsible-for-attacks

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426