
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022



As many as 55 zero-day vulnerabilities were exploited in the wild in 2020, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure is a decrease from the year before, when a staggering 81 zero-days were weaponized, it still reflects a multi-year rise in threat actors leveraging previously unknown security flaws to their advantage.

The findings come from threat intelligence firm Mandiant, which noted that desktop operating systems (19), web browsers (11), IT and network management products (10), and mobile operating systems (six) accounted for the most exploited product types. Of the 55 zero-day bugs, 13 are estimated to have been abused by cyber espionage groups, and four others were exploited by financially motivated threat actors in ransomware-related operations. Commercial spyware vendors were linked to the exploitation of three zero-days.

Among state-sponsored groups, those attributed to China emerged as the most prolific, exploiting seven zero-days during the year: CVE-2020-24682, CVE-2020-1040, CVE-2020-30190, CVE-2020-26134, CVE-2020-42475, CVE-2020-27518, and CVE-2020-41328. Much of this exploitation focused on vulnerabilities in edge network devices such as firewalls, used to obtain initial access. Various China-nexus clusters have also been spotted leveraging a flaw in Microsoft Diagnostics Tool (aka Follina) as part of disparate campaigns.

Cybersecurity is more important than ever, and that means staying on top of the latest trends and threats. In 2020, we saw a significant uptick in the number of zero-day vulnerabilities being exploited in the wild. Zero-day vulnerabilities are security flaws that are unknown to the vendor and have not yet been patched. Because these vulnerabilities are unknown, they can be especially difficult to defend against.
According to Mandiant, a leading threat intelligence firm, 55 zero-day vulnerabilities were exploited in 2020, with most of the flaws discovered in software from Microsoft, Google, and Apple. This is a decrease from the previous year, when 81 zero-days were weaponized, but it is still a cause for concern. Cyber espionage groups were behind the exploitation of 13 of the 55 zero-day bugs, while four were exploited by financially motivated threat actors in ransomware-related operations. Commercial spyware vendors were linked to the exploitation of three zero-days. Of all the state-sponsored groups, those attributed to China emerged as the most prolific, exploiting seven zero-days in 2020. Much of this exploitation focused on vulnerabilities in edge network devices such as firewalls, used to obtain initial access. Various China-nexus clusters have also been spotted leveraging a flaw in Microsoft Diagnostics Tool (aka Follina) as part of disparate campaigns. This is a concerning trend that we will continue to monitor closely. In the meantime, it is important to keep your software up to date and to practice good cybersecurity hygiene to help protect yourself and your organization against these and other threats.
