
Zero-Days on the Edge: How Hackers Are Turning Enterprise Tech into a Battlefield

Published: 06 March 2026 17:52 | Category: Vulnerabilities & Patch Management | Geo: Asia | Author: LOGICFALCON

A record number of zero-day exploits are targeting enterprise infrastructure, with commercial spyware vendors now outpacing state-backed hackers.

In 2025, cybercriminals and spies alike found a new favorite playground: the backbone of the world’s businesses. As zero-day attacks surged to new heights, nearly half of these digital assaults zeroed in on enterprise-grade technology: the network routers, firewalls, and edge devices that keep the world’s critical systems online. But what’s driving this dramatic shift, and who’s really behind the keyboard?

According to Google’s Threat Intelligence Group (GTIG), 2025 marked an unprecedented escalation: 90 zero-day vulnerabilities were exploited in the wild, with almost half targeting enterprise infrastructure. The stakes have never been higher. Unlike consumer devices, enterprise-grade tech forms the digital skeleton of corporations, governments, and critical services. Once breached, attackers can pivot deep into sensitive networks, often undetected.

State-sponsored groups, especially those linked to China, have historically dominated this shadowy marketplace. Their tactics are sophisticated, targeting routers and security tools, devices that often lack robust endpoint detection. GTIG’s chief analyst, John Hultquist, describes an “ecosystem” of zero-day development in China, encompassing industry, academia, and government. In 2025 alone, China-nexus espionage groups were tied to at least 10 zero-day exploits, double the previous year’s count. Examples include the UNC3886 group exploiting Juniper MX router flaws and UNC5221’s deployment of the Brickstorm malware.

But a new breed of adversary is rising: commercial surveillance vendors. For the first time, these vendors, who sell turnkey spyware solutions to governments and private clients, were linked to more zero-day attacks (15) than state actors (12). Their focus? Mobile devices and web browsers, making everyone from executives to activists a potential target. As James Sadowski, a GTIG analyst, notes, these vendors are now “primary drivers of the zero-day market.”

The future looks even more turbulent. GTIG’s report warns that artificial intelligence will soon allow attackers to discover and weaponize vulnerabilities at unprecedented speed and scale. From automated reconnaissance to rapid exploit development, AI could make zero-day attacks faster and harder to stop than ever before.

As enterprise defenses lag and the zero-day market grows ever more professionalized, the cybersecurity arms race is entering a new era. The edge is no longer the frontline; it’s the whole battlefield.

WIKICROOK

  • Zero-day: A zero-day vulnerability is a hidden security flaw unknown to the software maker, with no fix available, making it highly valuable and dangerous in the hands of attackers.
  • Edge device: An edge device is hardware, like a router or firewall, that connects private networks to the internet and acts as a key security barrier.
  • State: A 'state' in cybersecurity refers to a government backing or conducting cyber attacks to gather intelligence or disrupt adversaries for political or strategic gain.
  • Commercial surveillance vendor: A commercial surveillance vendor sells spyware or hacking tools to clients, including governments, raising concerns about privacy, ethics, and human rights.
  • Endpoint detection and response (EDR): Endpoint Detection and Response (EDR) is a class of security tools that monitor computers for suspicious activity, but they may miss browser-based attacks that leave no files on disk.