Google fixes two actively exploited zero-day vulnerabilities in Android


Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days, in its April 2025 Android Security Bulletin. When we say “zero-day,” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published. The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching: zero days.

The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication. However, this doesn’t always mean that the patches are available for all devices immediately.

Source: Malwarebytes Labs

