In the rapidly evolving landscape of cybersecurity, zero-day vulnerabilities have become a focal point of concern as reports indicate a sharp increase in their exploitation. These vulnerabilities, unknown to software vendors and thus unpatched, allow attackers to infiltrate systems with devastating efficiency. Recent analyses from leading cybersecurity firms highlight a surge in such exploits, driven by sophisticated threat actors who are increasingly targeting the tech sector and related industries. This escalation is not isolated but part of a broader trend where cyber threats are amplifying through automation, artificial intelligence, and supply chain compromises.
The first half of 2025 has seen a notable 46% increase in zero-day exploitation compared to previous periods, according to Forescout’s 2025H1 Threat Review. This report also notes an 80% jump in Common Vulnerabilities and Exposures (CVEs) added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog. Alarmingly, 47% of newly exploited vulnerabilities were originally published before 2025, indicating that attackers are revisiting older flaws in unconventional devices such as edge devices, IP cameras, and BSD servers. These serve as entry points for lateral movement across IT, operational technology (OT), and Internet of Things (IoT) environments. For instance, the Chinese threat actor known as Silver Fox has been linked to campaigns like ValleyRAT, which targets healthcare systems through overlooked IoT devices or infostealer malware.
This surge aligns with broader cyber threat trends documented in Fortinet’s 2025 Global Threat Landscape Report, which reveals a record increase in automated cyberattacks. Automated scanning for vulnerabilities has risen by 16.7% year-over-year, with billions of scans occurring monthly—equivalent to 36,000 per second. These scans primarily target exposed services like Session Initiation Protocol (SIP), Remote Desktop Protocol (RDP), and OT/IoT protocols such as Modbus TCP. The report emphasizes how adversaries are weaponizing AI to enhance their operations, using tools like FraudGPT and BlackmailerV3 to create more realistic phishing campaigns and evade detection. Over 40,000 new vulnerabilities were added to the National Vulnerability Database in 2024 alone, a 39% rise from the previous year, further fueling this vulnerability exploitation boom.
The tech sector, encompassing software development, IT services, and cloud computing, is particularly vulnerable due to its interconnected nature. Software supply chain attacks have hit record highs in 2025, with October seeing 41 such incidents claimed by threat actors on dark web leak sites—a 30% increase over the prior record set in April. Since April, these attacks have averaged more than 28 per month, doubling the rate from early 2024 to March 2025. All 24 tracked sectors have been affected, but IT and IT services companies have borne the brunt, facing 107 attacks this year. Groups like Akira and Qilin ransomware operators have been prolific. Akira, for example, compromised a major open-source software project, stealing 23GB of data including employee information, financial documents, and internal reports. They also targeted IT providers serving government, law enforcement, and industrial clients, extracting sensitive data like NDAs and customer files.
Qilin’s activities further illustrate the cascading impacts on the tech ecosystem. They breached a U.S.-based financial technology company, accessing hardening reports and IT infrastructure details from a major financial services firm. In another incident, Qilin hit a cybersecurity and cloud services provider for healthcare, using clear-text credentials in documents to infiltrate downstream customer environments, stealing personal information, financial records, and medical reports. Such breaches not only compromise the initial target but enable attackers to pivot to clients in finance, energy, defense, and government sectors, amplifying the threat across the supply chain.
Manufacturing, often intertwined with tech through Industry 4.0 integrations, has seen a 71% surge in threat actor activity from 2024 to the first quarter of 2025, involving 29 distinct groups. This sector accounts for 22% of cyberattacks where attribution is possible, making it the most targeted for the third year running. Vulnerabilities in open-source software, phishing campaigns, and OT systems are key entry points. Nation-state actors, including Chinese-linked groups like APT10 and Volt Typhoon, have conducted espionage via phishing emails disguised as job offers, targeting semiconductor ecosystems in Taiwan. These attacks exploit the sector’s complex supplier networks, leading to production delays, intellectual property theft, and financial losses estimated at trillions globally due to unplanned downtime.
Healthcare, another tech-reliant field, has emerged as the most impacted sector for data breaches in the first half of 2025, with an average of two breaches per day affecting nearly 30 million individuals. Ransomware incidents have risen 36% year-over-year, totaling 3,649 cases, with the U.S. accounting for 53%. Examples include trojanized DICOM imaging software delivering malware to patient systems and Silver Fox’s ValleyRAT campaigns. Hacktivism, often backed by nation-states, adds another layer, with 9% of threat actor updates attributed to hacktivists. Iranian groups like GhostSec and CyberAv3ngers have targeted PLCs in Israeli infrastructure, evolving into coordinated campaigns under identities like APT IRAN.
The darknet exacerbates these threats, with over 100 billion compromised records shared in 2024—a 42% spike—driven by “combo lists” of credentials. Initial access brokers sell corporate credentials, RDP access, and web shells, lowering barriers for cybercriminals. Cloud incidents, where 70% involve logins from unfamiliar locations, highlight misconfigurations in storage buckets and identities. Sectors like manufacturing (17%), business services (11%), and retail (9%) are prime targets, with the U.S. facing 61% of attacks.
This escalation is compounded by underreporting, as revealed in VikingCloud’s 2025 Cyber Threat Landscape Report, where 48% of leaders withheld breach information and 22% concealed five or more incidents. AI-driven threats, including advanced malware and phishing, are surging, making traditional defenses obsolete.
Looking ahead, experts recommend proactive measures: adopting AI-powered defenses, zero-trust architectures, and continuous threat exposure management. Prioritizing vulnerabilities using frameworks like the Exploit Prediction Scoring System (EPSS) and the Common Vulnerability Scoring System (CVSS), conducting red/purple teaming, and monitoring dark web intelligence are crucial. As cyber threats continue to evolve, the tech sector must innovate to stay ahead, or risk cascading failures across global economies.
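An added example, not drawn from any of the reports cited above, of the EPSS/CVSS-based prioritization this paragraph recommends. The record schema, tier thresholds and sample findings are this example's own assumptions; it ranks KEV-listed flaws first regardless of CVSS, which is what the finding that 47% of newly exploited vulnerabilities predate 2025 argues for.

```python
from dataclasses import dataclass

@dataclass
class Vuln:
    """One scan finding (fields are this example's own schema, not a vendor format)."""
    vid: str        # identifier; constructed placeholder, not a real CVE number
    cvss: float     # CVSS base score, 0.0-10.0
    epss: float     # EPSS probability of exploitation in the next 30 days, 0.0-1.0
    in_kev: bool    # listed in CISA's Known Exploited Vulnerabilities catalog
    year: int       # year the advisory was published
    exposed: bool   # asset reachable from the internet (edge device, IP camera, ...)

def tier(v: Vuln) -> int:
    """Lower tier = patch sooner. KEV listing always outranks severity alone."""
    if v.in_kev:
        return 1                       # confirmed exploited in the wild
    if v.epss >= 0.10 or (v.exposed and v.cvss >= 9.0):
        return 2                       # likely to be exploited, or critical on the edge
    if v.cvss >= 7.0:
        return 3                       # high severity but no exploitation signal
    return 4                           # backlog

def prioritize(vulns: list[Vuln]) -> list[Vuln]:
    """Order by tier, then EPSS (descending), then CVSS (descending) as tie-breaker."""
    return sorted(vulns, key=lambda v: (tier(v), -v.epss, -v.cvss))

def reason(v: Vuln) -> str:
    """Human-readable justification to attach to the remediation ticket."""
    flags = []
    if v.in_kev:
        flags.append("in KEV")
    if v.exposed:
        flags.append("internet-exposed")
    if v.year < 2025:
        flags.append(f"published {v.year}, still unpatched")
    detail = f" ({', '.join(flags)})" if flags else ""
    return f"{v.vid}: tier {tier(v)}, CVSS {v.cvss}, EPSS {v.epss:.0%}{detail}"

# Constructed sample findings; the identifiers and scores are made up for illustration.
SAMPLE = [
    Vuln("sample-A", 6.5, 0.85, True,  2019, True),   # old flaw on an edge device, in KEV
    Vuln("sample-B", 9.8, 0.02, False, 2025, False),  # critical CVSS, no exploitation signal
    Vuln("sample-C", 7.5, 0.40, False, 2024, True),   # high EPSS, exposed
    Vuln("sample-D", 5.3, 0.01, False, 2025, False),  # medium severity, quiet
    Vuln("sample-E", 9.1, 0.05, False, 2023, True),   # critical and exposed, low EPSS
]

if __name__ == "__main__":
    for v in prioritize(SAMPLE):
        print(reason(v))
```

Note that sample-A, a medium-CVSS flaw from 2019, lands at the top purely because it is in KEV and exposed, while the CVSS 9.8 finding with no exploitation signal is ranked below it.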
The U.K.’s National Cyber Security Centre reports four ‘nationally significant’ attacks per week, underscoring the growing gap between threats and defenses. With automated attacks and zero-days proliferating, 2025 demands urgent collaboration between governments, vendors, and enterprises to mitigate these risks. Failure to act could lead to unprecedented disruptions in critical infrastructure and innovation hubs worldwide.
