Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Stealer here, stealer there, stealers everywhere!
October 21, 2024
Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked ...
- Internet Archive attackers email support users: “Your data is now in the hands of some random guy”
October 21, 2024
Those who hacked the Internet Archive haven’t gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at website snapshots from the past. It is often used ...
- Taiwan: Defense ministry confirms basic data leak
October 21, 2024
The Ministry of National Defense today confirmed a data leak of basic personal information about certain high-ranking officials in response to a report from Chinese-language media, but said it did not include any information about personal asset holdings. The China Times this morning published a report saying that personal data of people ranked colonel and above ...
- Code Injection in Spring Cloud: CVE-2024-37084
October 18, 2024
The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. CVE-2024-37084 is a critical vulnerability affecting Spring Cloud Data Flow versions 2.11.0 through 2.11.3. A malicious user with access to the Skipper server API can exploit a flaw in the upload request process, ...
- Finland’s NBI probes wave of bank cyber attacks
October 18, 2024
Finland’s National Bureau of Investigation has opened a preliminary probe on a series of cyber attacks on the country’s financial sector. Finnish banks have been targeted in cyber attacks in recent months. In particular, Nordea Bank has been hit by several distributed denial of service (DDoS) attacks throughout the autumn. The bank has faced recurring problems ...
- Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
October 18, 2024
Last December, Kaspersky researchers discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. Kaspersky researchers have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs). Moreover, the infrastructure partially overlaps ...

