Google’s 2024 report reveals 75 zero-day vulnerabilities exploited in the wild, with 50% linked to spyware attacks. Despite stronger vendor security, zero-day threats are on the rise.

In a comprehensive 2024 report, Google’s Threat Intelligence team has identified 75 zero-day vulnerabilities actively exploited by cybercriminals — with half of them linked to spyware. The findings paint a grim picture of the evolving cybersecurity landscape, even as tech giants invest millions in defenses.
An April 29 report from Google’s Threat Analysis Group (TAG) has shaken the cybersecurity world with the revelation that 75 zero-day vulnerabilities were actively exploited throughout 2024. Authored by Google’s Casey Charrier, James Sadowski, Clement Lecigne, and Vlad Stolyarov, the report is both a reflection of success and a warning for the road ahead.
Despite improved security postures by software vendors and significant investments in bug bounty programs (Google paid Rs. 98.4 crore in 2024 and Microsoft an even higher Rs. 138.6 crore), the zero-day threat is intensifying. A startling 50% of these vulnerabilities were tied to spyware operations, highlighting the lucrative underground market for initial access tools and stealth surveillance technologies.
One of the most concerning aspects of Google’s findings is the central role of spyware vendors and threat actors in zero-day exploitation. Groups such as ToyMaker, a known initial access broker, have been observed actively scouring systems for undiscovered flaws, which are then used in highly targeted attacks. These actors often sell or rent out access to compromised systems, serving nation-state, criminal, or commercial surveillance clients.
The TAG report makes it clear: zero-days offer unique advantages to attackers — stealth, persistence, and evasion of detection mechanisms. As a result, they’re highly valuable and ruthlessly sought after, especially when used to exploit mobile devices and web browsers.
According to Google, the ecosystem supporting these attacks includes everything from exploit developers to sellers, brokers, and end-users. The market is mature and evolving, with many threat actors switching to multi-layered intrusion tactics combining zero-days with social engineering and malware droppers.
While the raw numbers are alarming, there is also optimism in how quickly many of these vulnerabilities were discovered, patched, and neutralized before they could reach mass exploitation. Credit goes to the robust threat intelligence units within companies like Google and Microsoft, as well as proactive bug bounty programs that reward ethical hackers and researchers for uncovering flaws.
Yet, even with those efforts, reaction time remains critical. The report underscores that in some cases, it takes as little as 60 seconds for an attack to escalate from initial contact to a fully compromised system.
Despite fewer zero-day vulnerabilities reported in traditional browser and mobile spaces compared to previous years, Google analysts predict an overall increase in exploitation going forward, fueled by both technical innovation and a growing commercial spyware market.