top of page

Zero day vulnerability discoveries are rising

Zero day vulnerabilities are usually exploited by states or state sponsored actors to spy on enemies, perceived or real. Weaponized zero-days are routinely marketed by outfits such as NSO Group, and probably represent the biggest threat to privacy worldwide.

Two projects are doing a good job in researching, discovering and making zero-days known to vendors so they can react: The Zero Day Initiative (ZDI) and Google Project Zero.

Both are finding that the number of discovered zero days is rising. Project Zero found 58 in-the-wild 0-days in 2021, the most ever recorded since they began tracking in mid-2014. ZDI is also seeing an uptick and reports record numbers for 2021.

ZDI zero-day disclosures. Source:

Google Project Zero 0-day discoveries. Source: GPZ blog

Although the rise may be seen as a bad trend, Google Project Zero points it is most likely due to increased detection capabilities and disclosure of these 0-days, rather than simply increased usage of 0-day exploits. That's a good thing.

bottom of page