Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
December 17, 2024
Red teaming provides essential tools and testing methodologies for organizations to strengthen their security defenses. Cybercriminals and advanced persistent threat (APT) actors pay close attention to new methods and tools red teams develop, and they may repurpose them with a malicious intent. In October 2024, an APT group that Trend Micro tracks as Earth Koshchei (also ...
- Task scams surge by 400%, but what are they?
December 16, 2024
An unfamiliar type of scam has surged against everyday people, with a year-over-year increase of some 400%, putting job seekers at risk of losing their time and money. The emerging threat is delivered in “task scams” or “gamified job scams.” While these scams were virtually non-existent in 2020, the FTC reported 5,000 cases in 2023 and ...
- HiatusRAT Actors Targeting Web Cameras and DVRs
December 16, 2024
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification (PIN) to highlight HiatusRAT1 scanning campaigns against Chinese-branded web cameras and DVRs. Private sector partners are encouraged to implement the recommendations listed in the “Mitigation” column of the table below to reduce the likelihood and impact of these attack campaigns. Threat HiatusRAT is a ...
- 2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends
December 16, 2024
In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface. The Rapid7 Labs team has rounded up statistics and trends that caught their eye throughout ...
- NotLockBit ransomware targets Apple users with advanced file-locking and data exfiltration
December 15, 2024
The recent discovery of macOS.NotLockBit suggests a shift in the landscape, as this newly identified malware, named after the notorious LockBit variant, could mark the beginning of more serious ransomware campaigns against Mac users. Ransomware targeting Mac devices tends to lack the necessary tools to truly lock files or exfiltrate data. The general perception has been ...
- Cyber attack may affect personal information of thousands of Rhode Islanders
December 13, 2024
A massive cyberattack could impact the personal information of hundreds of thousands of Rhode Islanders after hackers targeted a state contractor that stores health and personal data. Governor Dan McKee announced that the personal information of thousands was compromised in a cybersecurity attack. Anyone who has ever received or applied for health coverage or human service ...

