2021 saw double the number of unknown software vulnerabilities found over 2020

Software vulnerabilities that are unknown to developers, known as "zero-day", are being exploited by hackers more than ever, reported Wired April 21.

These vulnerabilities are not publicly disclosed and are called "zero-day" because the software developer has had zero days to develop and release a patch for them, and defenders of the software have had zero days to start monitoring them.

Google's Project Zero team tracked 58 "zero-day" exploitations in 2021, compared to 25 the year before, and cyber defense company Mandiant tracked 80 exploits in 2021 compared to 30 in 2020. However, some of this increase may be due to enhanced capabilities for agencies and organizations to detect these hacks.

"When I took a step back and looked at it in the context of previous years, to see such a big jump, that growth actually more likely is due to increased detection, transparency, and public knowledge about zero-days," Maddie Stone, a security researcher at Project Zero, told Wired.

Many of the exploited vulnerabilities, though, fall into known classes of vulnerabilities, meaning companies can do a better job of cutting off access routes to the known, classic attacks.

Copyright © 2022 Becker's Healthcare. All Rights Reserved.