Zero-days are rising, but the numbers don’t tell the whole story
You might’ve seen the headlines: “Zero-day exploits up 46% in the first half of 2025.”
Sounds scary, right? But here’s the thing: these numbers are volatile. When you zoom in on short windows the stats swing wildly. We’ve seen spikes like this before. The bigger picture is that since 2021, the baseline of zero-day exploitation has been consistently rising. The fire never really went out.
Who’s behind the attacks?
About half of these zero-day exploits come from good old-fashioned cybercriminals chasing money. The other half? Nation-states. And sometimes the lines blur: governments build tools, they get leaked or stolen, and suddenly the same exploit kit is in the hands of ransomware crews.
There’s also a long tail of smaller groups, hacktivists, and lone actors, but financially motivated crime and geopolitics dominate the field.
What’s happening to victims?
If you’re a company, the outcomes are predictable but brutal: stolen data, ransomware and fraud. In the first half of this year alone, U.S. healthcare breaches exposed nearly 30 million patient records.
Nation-state attackers play a different game. They’re not just after cash, they’re aiming for disruption, espionage, or the slow erosion of user trust. In crypto, for example, we’ve seen attackers drain funds not to spend immediately, but to make people doubt the ecosystem itself.
The patching problem
Here’s the uncomfortable truth: attackers don’t need a brand-new zero-day. They feast on old flaws that already have a vendor fix, because many organizations simply don’t apply patches fast enough.
Half of the vulnerabilities actively exploited in early 2025 were disclosed before 2025. Let that sink in. Industry data shows it still takes companies a median of 50 days to roll out a critical patch. That’s almost two months of open season for attackers.
What’s being hit?
Routers, VPNs, firewalls: the internet’s plumbing. Over 20% of exploited bugs this year have been in network infrastructure and “security appliances.” These devices are often internet-facing, poorly monitored, and running outdated firmware.
Collaboration tools (like email platforms and cloud-sharing apps) are also easy targets. Think about it: they’re exposed, everyone relies on them, but security teams often don’t watch them closely.
How the good ones adapt
The best companies don’t just wait for patches. They:
Monitor continuously for unusual behavior
Segment systems so one compromise doesn’t spread everywhere
Prioritize patches based on what’s actually being exploited
Treat security as a business-critical issue, not an IT chore
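“Prioritize patches based on what’s actually being exploited” is easy to say and rarely implemented, because most teams still sort their backlog by CVSS score. The following is an added example, not code from this post or from any vendor: it ranks scanner findings by whether the flaw is known to be exploited in the wild (and whether it is tied to ransomware) before looking at severity, and reports how long each bug has been public, so the 50-day patch lag mentioned above becomes a number you can track. The catalog and findings are constructed sample data with placeholder IDs; the catalog field names follow the layout of the CISA Known Exploited Vulnerabilities JSON feed as an assumption, and the tier rules are one reasonable policy, not an industry standard.

```python
"""Rank pending patches by exploitation evidence first, CVSS second.

Added example. The catalog and findings below are constructed sample data;
the IDs CVE-0000-000x are placeholders, not real vulnerabilities.
"""
from dataclasses import dataclass
from datetime import date

# Constructed stand-in for an exploited-vulnerability catalog. Field names
# (cveID, dateAdded, knownRansomwareCampaignUse) are assumed to mirror the
# CISA KEV JSON feed; in practice you would load the real feed.
SAMPLE_KEV = [
    {"cveID": "CVE-0000-0001", "dateAdded": "2025-01-15",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2025-03-20",
     "knownRansomwareCampaignUse": "Unknown"},
]

# Fixed "today" so the example is reproducible offline.
TODAY = date(2025, 7, 1)


@dataclass
class Finding:
    """One vulnerability scanner result for one asset."""
    asset: str
    cve: str
    cvss: float
    disclosed: date        # public disclosure date of the flaw
    internet_facing: bool  # reachable from the internet?


# Constructed scanner output. Note the 9.8 on an internal build server and
# the 6.5 on an internet-facing mail gateway that is actually being exploited.
SAMPLE_FINDINGS = [
    Finding("edge-vpn-01", "CVE-0000-0001", 7.2, date(2025, 1, 1), True),
    Finding("build-srv-07", "CVE-0000-0002", 9.8, date(2025, 5, 1), False),
    Finding("mail-gw-02", "CVE-0000-0003", 6.5, date(2025, 3, 10), True),
    Finding("hr-app-01", "CVE-0000-0004", 9.1, date(2025, 6, 30), True),
]


def kev_index(catalog):
    """Map CVE id -> catalog entry for constant-time lookups."""
    return {entry["cveID"]: entry for entry in catalog}


def priority(finding, kev, today):
    """Return a sort key; lower sorts first.

    Tier 0: known exploited and internet-facing
    Tier 1: known exploited, internal only
    Tier 2: no exploitation evidence, but CVSS >= 9.0 and internet-facing
    Tier 3: everything else
    Ties break on ransomware use, then days since disclosure, then CVSS.
    """
    entry = kev.get(finding.cve)
    exploited = entry is not None
    ransomware = exploited and entry.get("knownRansomwareCampaignUse") == "Known"
    days_exposed = (today - finding.disclosed).days

    if exploited and finding.internet_facing:
        tier = 0
    elif exploited:
        tier = 1
    elif finding.cvss >= 9.0 and finding.internet_facing:
        tier = 2
    else:
        tier = 3
    return (tier, 0 if ransomware else 1, -days_exposed, -finding.cvss)


def prioritize(findings, catalog, today):
    """Rank findings and report tier plus days the flaw has been public."""
    kev = kev_index(catalog)
    ranked = sorted(findings, key=lambda f: priority(f, kev, today))
    return [
        {
            "asset": f.asset,
            "cve": f.cve,
            "tier": priority(f, kev, today)[0],
            "days_exposed": (today - f.disclosed).days,
        }
        for f in ranked
    ]


if __name__ == "__main__":
    for row in prioritize(SAMPLE_FINDINGS, SAMPLE_KEV, TODAY):
        print(f"tier {row['tier']}  {row['asset']:<14} {row['cve']}  "
              f"public for {row['days_exposed']} days")
```

Run it and the internet-facing VPN and mail gateway, both with middling CVSS scores, land at the top because they are being exploited, while the 9.8 on the internal build server drops to the bottom. The `days_exposed` column is the number to put on a dashboard: if your median for tier 0 items is anywhere near 50 days, attackers have the open season the article describes.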
And honestly? The real game-changer isn’t a fancy new control, it’s culture. Companies that thrive are the ones where everyone, from engineers to executives, takes security seriously. Attackers don’t have to beat your strongest defense; they just need to find your weakest link.