
A wave of critical zero-day vulnerabilities in key products from global tech giants like Google, Microsoft, SAP, Cisco, and Broadcom has set off alarms in cybersecurity.
These recently uncovered vulnerabilities are actively exploited in real-time cyberattacks, demanding swift and coordinated company responses. Even South Korean firms, including SK Telecom, have conducted urgent security audits since recent hacking incidents.

On Monday, IBM’s security research arm, X-Force, released its “2025 Threat Intelligence Index.” The report reveals a staggering 84% surge in cyberattacks using information-stealing malware (infostealers) last year compared to the previous year. For the first quarter of this year, the growth rate is projected to skyrocket to 180% year-over-year.
The X-Force team reported that 70% of all attacks they responded to last year targeted critical infrastructure organizations. Alarmingly, four of the top 10 common vulnerabilities and exposures (CVEs) frequently discussed on dark web forums are believed to be linked to state-sponsored threat groups.
A prime example of a recently exposed vulnerability comes from Germany’s SAP. On April 24, the company discovered a remote code execution vulnerability (CVE-2025-31324) in its NetWeaver product, prompting an emergency patch release. This vulnerability was given the highest possible CVSS rating of 10.0.
U.S.-based Onapsis Research Labs explained that this vulnerability impacts SAP NetWeaver Visual Composer, allowing malicious files to be uploaded and executed remotely without authentication.
Another American security firm, Rapid7, reported that attackers have exploited this vulnerability since March to gain persistent system access, primarily targeting the manufacturing sector.

Major U.S. tech giants like Google and Microsoft aren’t immune to these threats.
Earlier this month, Google uncovered a severe memory handling vulnerability (CVE-2025-27363, CVSS 8.1) in the FreeType font rendering library of its Android operating system, prompting a rapid emergency patch deployment. Initially identified on Meta’s Facebook, this vulnerability could allow devices to be infected simply by opening documents or apps containing malicious fonts.
For its part, Microsoft released patches last month addressing approximately 126 security vulnerabilities. Among these, a privilege escalation vulnerability (CVE-2025-29824, CVSS 7.8) in the Windows standard log file system driver was confirmed to be exploited through Storm-2460 and Play ransomware. Attackers leveraged this vulnerability to gain system administrator privileges and deploy the PipeMagic malware.

Cisco’s Smart Licensing Utility (CSLU) was found to contain hardcoded admin account credentials, a vulnerability that allows remote attackers to access systems with administrator privileges.
Broadcom’s VMware product line has also reported three zero-day vulnerabilities.
A cybersecurity expert warned that with the rapid advancement of AI technology, cyberattacks have evolved from a theoretical threat to a stark reality. Organizations must maintain a robust security posture through intrusion detection and prevention systems and endpoint detection and response mechanisms.