Google and Mandiant reveal rise in Zero-Day vulnerabilities exploited in 2023

Mandiant

Google's Threat Analysis Group (TAG) and Mandiant, renowned leaders in cybersecurity research, have released their annual report on zero-day vulnerabilities, highlighting a significant surge in exploitation incidents witnessed in 2023. The report unveils crucial insights into the evolving landscape of cyber threats and underscores the urgent need for enhanced vigilance and collaborative efforts across the industry.

According to the findings, 97 zero-day vulnerabilities were observed exploited in-the-wild throughout 2023, marking a notable escalation from the previous year's figure of 62 vulnerabilities. While this increase is substantial, it falls short of the record high of 106 vulnerabilities recorded in 2021, providing a nuanced perspective on the evolving threat landscape.

Key contributors to the discovery of these vulnerabilities include Google's TAG and Mandiant, who collectively identified 29 of the exploited zero-day vulnerabilities. Their relentless dedication to uncovering emerging threats has been instrumental in fortifying cyber defences worldwide.

The vulnerabilities were categorised into two primary domains: end-user platforms and products, encompassing mobile devices, operating systems, browsers, and other applications, and enterprise-focused technologies, including security software and appliances. Notably, the report emphasises that despite notable strides in addressing vulnerabilities, the pace of zero-day discovery and exploitation remains elevated compared to pre-2021 levels.

Further analysis reveals compelling insights into threat actor motivations, with espionage actors accounting for the majority of exploits. Of the 58 zero-days attributed to threat actors' motivations, 48 were linked to espionage activities, while financially motivated actors accounted for the remaining 10.

The report sheds light on the prominent role of the People's Republic of China (PRC) in government-backed exploitation, with PRC cyber espionage groups exploiting 12 zero-day vulnerabilities in 2023, a significant increase from seven incidents in 2022.

End-user platforms and products bore the brunt of zero-day exploits, with 61 vulnerabilities affecting these systems, underscoring the critical need for fortified defences in consumer-facing technologies. Conversely, enterprise-focused technologies witnessed a surge in targeting, with a 64 percent increase observed in adversary exploitation compared to the previous year.

A notable shift was observed in the nature of vulnerabilities, with a higher prevalence of bugs detected in third-party components and libraries as opposed to first-party code. Additionally, the report highlights disparities between operating systems, with Android and iOS witnessing increased targeting, and web browsers such as Chrome and Safari facing a substantial number of zero-day exploits.

While acknowledging the progress made by end-user platform vendors such as Apple, Google, and Microsoft in mitigating vulnerabilities, the report underscores the necessity for sustained collaborative efforts to confront emerging cyber threats effectively.


