Microsoft was the most targeted vendor, with 25 zero-days exploited across its products, followed by Google with 11, Apple with eight, and Cisco and Fortinet with four each. Twenty vendors were hit by a single zero-day each, illustrating how widely attackers are casting their net across the enterprise software landscape.
Prepare for zero-day exploitation
“Prioritization is a consistent struggle for most organizations due to limited resources requiring deciding what solutions are implemented — and for every choice of where to put resources, a different security need is neglected,” the GTIG researchers said. “Know your threats and your attack surface in order to prioritize decisions for best defending your systems and infrastructure.”
Recommendations include segmenting firewalls, VPNs, and DMZ infrastructure from core network assets and domain controllers to limit lateral movement when a perimeter device is breached.
