Investigations conducted by threat intelligence firm Mandiant and Google’s Project Zero have revealed an increase in zero-day bugs being exploited.

Mandiant and Project Zero have a different scope for the zero-day types they pursue. For the zero-days, Mandiant tracked 80 in 2021, compared to 30 tracked in 2020. Project Zero tracked 58 zero-day flaws in 2021, compared to 25 tracked in 2020.

Zero-day vulnerabilities are vulnerabilities that have yet to be made public. Tools attackers use to exploit these vulnerabilities are known as zero-day exploits. Once a bug becomes public, a fix may not be released immediately or at all, allowing attackers to exploit it.

For James Sadowski, a researcher at Mandiant, increasing detection and awareness means a shift in the zero-day landscape that has previously been limited to government-sponsored and financial hackers.

“There are definitely more zero-days being used than ever before. The overall count last year for 2021 shot up, and there are probably a couple of factors that contributed, including the industry’s ability to detect this. But, there’s also been a proliferation of these capabilities since 2012. There’s been a significant expansion in volume as well as the variety of groups exploiting zero-days,” Sadowski said.

Maddie Stone, security expert at Project Zero, notes that while it is difficult to get a full picture of the extent and context of the exploited zero days, studying those discovered can help developers and cybersecurity experts better protect their products.