"Zero-Day Exploits Found And Disclosed Hit a Record High in 2021, Google Project Zero Says"
Security researchers at Google’s Project Zero stated that they tracked 58 cases of zero-day exploits “in the wild” in 2021, which is the most ever detected and disclosed in a single year since the group began its work in mid-2014. The 2021 total is more than double the previous maximum, 28, tracked in 2015. The researchers noted that it’s “especially stark when you consider that there were only 25 detected in 2020. The researchers stated that new software bugs are discovered, publicly disclosed, and patched all the time, often before malicious hackers can take advantage of them. Project Zero is primarily concerned with the vulnerabilities that attackers discover and exploit first, the ones that software companies have had “zero days” to patch. The researchers noted that the good news about the 2021 total is that the increased number is likely due to the increased detection and disclosure of zero-day exploits rather than the increased usage of them. However, the researchers noted that the bad news is that attacker methodology hasn’t actually had to change much from previous years. Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces.