Record-high zero-day exploits reported last year

Fifty-eight zero-day vulnerabilities were exploited in the wild last year, the highest number since Google's Project Zero began tracking them in 2014, reports CyberScoop. While the higher count of reported zero-days stems from increased exploit detection and disclosure rather than increased usage, threat actors have not needed to change their tactics in abusing flaws in recent years, according to Google Project Zero researcher Maddie Stone. "Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces," Stone said. The report also noted that NSO Group's FORCEDENTRY spyware was among the two novel zero-days reported last year, with most of the other flaws resembling already known bugs. Project Zero expects greater agreement among vendors on publicly disclosing the in-the-wild exploitation status of flaws in their security bulletins as more vendors engage in zero-day identification and reporting. The team also expects security researchers to prioritize mitigating memory corruption flaws.
