The world remains a dangerous place in the Cyber Security sector as hackers exploit vulnerabilities in all sorts of places all of the time. This week’s report provides an overview of the most important zero-day threats and security vulnerabilities that organizations and users should be aware of to protect their digital assets.
Zero-Days That Under Attack Would you like to know more about it?
There are a couple of software vendors who have released patches for zero-day bugs that were actively exploited in the wild. Microsoft, for example, fixed five of those bugs in Windows as part of its Patch Tuesday update for its May 2025 Patch Tuesday release.
The details of these vulnerabilities (CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709) are in the process of being investigated for exploitations scope and the related actors. We urge everyone to update as soon as possible.
The latest threats and vulnerabilities
A report on 2024’s zero-day exploitation trends has just been published by Google’s Threat Intelligence Group. The report found that zero day attacks had dropped slightly compared to the year before, in a pattern that’s partially due to better security habits from independent software vendors.
But the availability of a growing number of enterprise-focused platforms, like VPNs and firewalls, became a cause of concern, the report noted, as prime targets for zero-days. In 2023, 44% of zero-day exploits focused on enterprise platforms, up from 37% in 2024.
The Pwn2Own Berlin 2025 event continued to demonstrate a challenging threat landscape with researchers exploiting zero-days against Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux and Mozilla Firefox. Such demonstrations frequently result in vendors issuing patches to repair the reported vulnerabilities.
Suggestions to Improve Security
With the threat landscape changing, it is important for people and organizations to be more proactive in terms of security:
Update and patch: Regularly update your security updates and software patches from the software vendors. This is the best way to reduce the risk and to address that known vulnerabilities zero-day is good – corrects issues.
Endpoint Detection and Response (EDR): Deploy EDR solutions to detect and respond to suspicious activities on end-points and continuously monitor all activity on the endpoint for signs of security threats. EDR can aid in the discovery and prevention of exploitation attempts, even for zero day vulnerabilities.
Segmentation: Segregate networks into isolated segments to minimize the impact of such security problems. When one part is breached, it makes it harder for attackers to hop to other important systems.
User Training: Train users about their common attack vectors like phishing, social engineering, which they may tend to open a gate, if we teach out users well and educate them, they can also be one of the best reporting /sensors/ fighters. Human fallibility is still a big part of many successful cyberattacks.
Routine Security Audits: Regularly audit security and penetrate test to expose possible weak points in applications and systems.
Really staying up-to-date on the latest threats, and following good security practices in the meantime is key to protecting yourself in these darkest timelines where zero-day exploits and other security flaws loom. All organisations and individuals need to be vigilant and maintain security measures on a daily basis.
