Government hackers are leading the use of attributed zero-days, Google says
Hackers working for governments were responsible for the majority of attributed zero-day exploits used in real-world cyberattacks last year, per new research from Google.
Google's report said that the number of zero-day exploits — referring to security flaws that were unknown to the software makers at the time hackers abused them — had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute — meaning identifying the hackers who were responsible for exploiting them — at least 23 zero-day exploits were linked to government-backed hackers.
Among those 23 exploits, 10 zero-days were attributed to hackers working directly for governments, including five exploits linked to China and another five to North Korea.
Another eight exploits were identified as having been developed by spyware makers and surveillance enablers, such as NSO Group, which typically claim to only sell to governments. Among those eight exploits made by spyware companies, Google is also counting bugs that were recently exploited by Serbian authorities using Cellebrite phone-unlocking devices.
Even though there were eight recorded cases of zero-days developed by spyware makers, Clément Lecigne, a security engineer at Google Threat Intelligence Group (GTIG), told TechCrunch that those companies 'are investing more resources in operational security to prevent their capabilities being exposed and to not end up in the news.'
Google added that surveillance vendors continue to proliferate.
'In instances where law enforcement action or public disclosure has pushed vendors out of business, we've seen new vendors arise to provide similar services," James Sadowski, a principal analyst at GTIG, told TechCrunch. "As long as government customers continue to request and pay for these services, the industry will continue to grow.'
Do you have more information about government hacking groups, zero-day developers, or spyware makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
The remaining 11 attributed zero-days were likely exploited by cybercriminals, such as ransomware operators targeting enterprise devices, including VPNs and routers.
The report also found that the majority of the total 75 zero-days exploited during 2024 were targeting consumer platforms and products, like phones and browsers, while the rest exploited devices typically found on corporate networks.
The good news, according to Google's report, is that software makers defending against zero-day attacks are increasingly making it more difficult for exploit makers to find bugs.
"We are seeing notable decreases in zero-day exploitation of some historically popular targets such as browsers and mobile operating systems,' per the report.
Sadowski specifically pointed to Lockdown Mode, a special feature for iOS and macOS that disables certain functionality with the goal of hardening cell phones and computers, which has a proven track record of stopping government hackers, as well as Memory Tagging Extension (MTE), a security feature of modern Google Pixel chipsets that helps detect certain types of bugs and improve device security.
Reports like Google's are valuable because they give the industry, and observers, data points that contribute to our understanding of how government hackers operate — even if an inherent challenge with counting zero-days is that, by nature, some of them go undetected, and of those that are detected, some still go without attribution.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Los Angeles Times
39 minutes ago
- Los Angeles Times
Bed bugs in Ventura hotel lead to $2-million jury ruling for bitten guests
A bed bug-ridden stay at a Ventura hotel turned into a multimillion-dollar jury payout for two guests who were 'massacre[d] from bed bug bites' during their visit, according to court records. A jury on Friday ordered the Shores Inn to pay $2 million to Alvaro Gutierrez and Ramiro Sanchez, in what may be one of the largest known bed bug-related jury awards. 'The bed bugs latched onto the Plaintiffs while they slept, sucked their blood until they were gorged, and resisted eradication,' according to the complaint. A representative for Shores Inn did not immediately respond to a request for comment. An attorney representing the hotel in the suit also did not respond to a request for comment. According to their complaint, Gutierrez and Sanchez were 'exposed to painful and disgusting bed bug infestations,' and suffered physical, emotional, and mental anguish as a result of their Feb. 7, 2020, stay at the beachside hotel. 'The management was not taking good care of the place,' said Brian Virag, attorney for Gutierrez and Sanchez. 'Turns out, they had experience with bed bugs at that hotel dating back a long time.' The hotel, located near the 101 Freeway and just a short walk from Ventura Beach, touts easy parking and proximity to the Ventura Pier and the Ventura Harbor. The complaint, filed in December 2021, alleges the two men rented a room at the hotel and immediately began experiencing bed bug bites. The suit also alleged that management at the hotel must have been aware of bed bug problems because several online reviews on Google and Yelp warned guests about bed bugs at the hotel, located at 1059 South Seaward Ave. in Ventura. Despite knowing about the problem, the suit alleges, management failed to eradicate the pests from the hotel, exposing guests to harm. Gutierrez and Sanchez left the hotel after one night, Virag said, and had to seek medical treatment as a result of the bites. On May 23, a jury awarded Gutierrez $400,000 in damages for past and future pain, disfigurement, grief, and emotional distress as a result of the injuries. Sanchez was awarded $600,000 in damages, according to court records. The jury also awarded $500,000 each to the two men in punitive damages. In 2022, the Disneyland Resort agreed to pay $100,000 to a resort hotel guest in a lawsuit settlement addressing claims she was bitten by bedbugs during a visit in 2018. The following year, a British tourist represented by Virag won a $375,000 award after being attacked by bed bugs during a stay at a Hollywood Hills home. Virag, an Encino-based attorney who has specialized in bed bug cases filed against hotels and apartments, said the $2-million jury award is the largest one he's seen in bed bug-related cases in his career.
Tom's Guide
44 minutes ago
- Tom's Guide
Google's NotebookLM just got a huge upgrade — here's why it beats ChatGPT for team projects
Google's experimental AI notebook NotebookLM just rolled out a major feature, and it could be the upgrade that turns this low-key tool into a must-have for teams, classrooms and creators. Starting today, you can share your NotebookLM notebooks publicly with a single link. That means your AI-powered research, study guides, or project notes can now be explored by anyone — no Google sign-in required. While ChatGPT thrives on single-use chats and Claude offers limited recall, NotebookLM's persistent, sharable structure just gave it a serious edge in the AI collaboration game. Factor in the fact that NotebookLM was recently awarded Best Research Tool in Tom's Guide's own AI Awards, and you start to see why this AI notebook from Google is making waves. With this update, NotebookLM goes beyond a private research assistant and transforms into an interactive, AI-powered knowledge hub. Here's what public sharing unlocks: Whether you're publishing a study guide for your class, product docs for your team or an overview of a nonprofit's mission, you can now let others explore and engage without handing over the keys. No editing is allowed. Open a notebook in NotebookLM. Click the 'Share' button in the top-right corner. Set access to 'Anyone with the link.' Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Share the URL — that's it. Now, anyone with the link can chat with your notebook, explore summaries and listen to audio overviews generated by NotebookLM's built-in AI. They can't edit your sources, but they can interact with the content. If you've never used NotebookLM before, don't worry, it's surprisingly easy to get started. Think of it like a smart research notebook powered by AI, designed to help you organize, summarize and query your sources all in one place. Here's how to use it: 1. Create a new notebook Head to and sign in with your Google account. Click '+ New Notebook' to get started. 2. Upload your sources You can add text files, Google Docs, PDFs or your own typed and pasted notes. NotebookLM's AI will automatically analyze your sources and surface insights. 3. Ask questions Once your sources are uploaded, use the built-in AI chat to ask questions like: 4. Explore auto-generated content NotebookLM automatically creates helpful studio artifacts: Audio Overviews – Listen to a summary of your notebook FAQs – Get quick answers based on your content Briefing Docs – A high-level summary for quick digestion 5. Share it With the new public sharing feature, you can hit 'Share' in the top-right corner, set access to 'Anyone with the link,' and turn your notebook into an interactive knowledge hub for others. While ChatGPT excels in one-off conversations, NotebookLM is designed to hold onto structured research and now, to share it. NotebookLM gives users the edge because instead of starting from scratch every time, viewers access a curated, structured notebook. Viewers can query the notebook, while your data stays helpful extras like FAQs, summaries, and audio recaps are auto-generated, which could be userful for educators, startup teams, research projects and creators looking to package and publish their knowledge in a smart, accessible way. NotebookLM's public sharing update adds an element to the useful AI tool that other big AI names haven't yet given us. While ChatGPT and Claude remain great for personal brainstorming, NotebookLM just became the AI-powered Google Docs alternative we didn't know we needed. If you're ready to try it for yourself, head to NotebookLM and give it a try. Share your thoughts in the comments, I'd love to know what you think of this new upgrade.
Time Business News
44 minutes ago
- Time Business News
Best IPTV Apps for American Viewers: What to Use and Why in 2025
In today's evolving streaming landscape, IPTV apps are becoming essential tools for viewers looking to access more content without the high cost of cable. With hundreds of services now available, choosing the best IPTV app can be overwhelming. This guide explores the top apps for U.S. viewers in 2025 and why IPTV is revolutionizing digital entertainment. According to recent analysis from the Jerusalem Post, the rise of IPTV subscription models is reshaping how Americans consume media, making IPTV apps a crucial part of this change. The best IPTV apps must offer: Device compatibility (Firestick, Android TV, Smart TVs, iOS) (Firestick, Android TV, Smart TVs, iOS) User-friendly interface with channel grouping and EPG (Electronic Program Guide) with channel grouping and EPG (Electronic Program Guide) Multi-account support and VOD and VOD Stable playback with minimal buffering Let's explore the apps that meet these criteria. IPTV Smarters Pro remains a favorite among U.S. users in 2025. With easy playlist integration, parental control, and a clean interface, it's great for homes that want simplicity and flexibility. Compatible with Android, iOS, Firestick, and Smart TVs Supports live TV, VOD, catch-up, and multi-screen view TiviMate offers a more advanced experience, ideal for viewers who want customization. Intuitive EPG and multi-playlist management Create favorites, edit channel names, and control layout This app is perfect for users who don't want to sideload APKs. SmartOne IPTV works directly from your Smart TV browser. Easy activation through portal Playlist and channel filtering support XCIPTV is gaining popularity thanks to its sleek layout and built-in VOD support. Compatible with Firestick and Android boxes Includes external player support and backup/restore settings While many of these IPTV apps can be found on the Google Play Store, some require sideloading. The Downloader app on Firestick is your best friend for that process. Simply paste the APK URL and install directly. 🔗 Helpful Device Options: Roku Express 4K+ NVIDIA Shield TV – Ultimate Android Streamer Xtreme IPTV solution for high-performance US streaming Known for fast speeds and a wide range of U.S. and international channels, Xtreme HD IPTV integrates seamlessly with Smarters Pro and TiviMate. Reliable IPTV provider for families and Smart TV users CatchOn TV offers stable performance and excellent support for app integration, especially on SmartOne and XCIPTV. Yes. IPTV users should protect their privacy and access geo-restricted content. If you want more control over your viewing experience in 2025, IPTV apps offer the customization and content access that mainstream platforms lack. Whether you're using a Firestick, Smart TV, or Android box, the apps above give you a superior, user-friendly experience. Explore your options with trusted IPTV providers and protect your stream with a VPN for the best results. #IPTVAppsUSA #BestIPTV2025 #IPTVPlayers #FirestickApps #SmartTVStreaming TIME BUSINESS NEWS
