Google Threat Intelligence Group's 2025 review highlights 90 exploited zero-day vulnerabilities, with a significant shift toward enterprise infrastructure and edge devices. Commercial surveillance vendors outpaced state-sponsored actors in zero-day usage, while financially motivated groups and PRC-nexus espionage operators continued to heavily leverage zero-days for initial access, persistence, and data theft.