Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns.
Qualcomm cited Google’s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “may be under limited, targeted exploitation.” According to the company’s bulletin, Google’s Android security team reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February.
Read more…
Source: TechCrunch News
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Mirai Variant V3G4 Targets IoT Devices
February 15, 2023
From July to December 2022, Unit 42 researchers observed a Mirai variant called V3G4, which was leveraging several vulnerabilities to spread itself. The vulnerabilities exploited include the following: CVE-2012-4869: FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727: FRITZ!Box Webcam Remote Command Execution Vulnerability Mitel AWC Remote Command Execution Vulnerability Read more… Source: Palo Alto Unit 42
- Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack
February 15, 2023
Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The “Kia Challenge” started circulating in mid-2022 and explained that it’s possible to remove the steering column covering on some Hyundai and Kia models by ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
February 10, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as ...
- Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
February 9, 2023
Trend Micro researchers recently found an active campaign that uses a fake employment pretext targeting Eastern Europeans in the cryptocurrency industry to install an information stealer. In this campaign, the suspected Russian threat actors use several highly obfuscated and under-development custom loaders to infect those involved in the cryptocurrency industry with the Enigma Stealer (detected ...
- Italy warns hackers targeting known server vulnerability
February 6, 2023
Thousands of computer servers have been targeted by a global ransomware hacking attack targeting VMware ESXi servers, Italy’s National Cybersecurity Agency (ACN) said on Sunday, warning organisations to take action to protect their systems. The hacking attack sought to exploit a software vulnerability, ACN director general Roberto Baldoni told Reuters, adding it was on a massive ...
- GoAnywhere MFT zero-day vulnerability lets hackers breach servers
February 3, 2023
The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles. GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files. Read more… Source: Bleeping Computer