Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- New “BrowserGate” report claims LinkedIn secretly scans user browsers for installed extensions and collects device data
April 6, 2026
A new report is alleging LinkedIn uses hidden JavaScript to scan its visitors’ browsers for installed extensions, looks for those that compete with its own sales tools, and then twists its users’ arms until they stop using those and pick LinkedIn’s products, instead. However the social network says this is a smear campaign run by a ...
- Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
April 6, 2026
The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates high-velocity ransomware campaigns that weaponize N-days, targeting vulnerable, web-facing systems during the window between vulnerability disclosure and widespread patch adoption. Following successful exploitation, Storm-1175 rapidly moves from initial access to data exfiltration and deployment of Medusa ransomware, often within a few days and, ...
- Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
April 3, 2026
In late March 2026open on a new tab, Anthropic inadvertently released the internal Claude Code source material as part of an npm package that included a large internal source map file. Although the incident stemmed from a simple packaging mistake, threat actors were quick to capitalize on the resulting attention. Only 24 hours after the ...
- vSphere and BRICKSTORM Malware: A Defender’s Guide
April 2, 2026
Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphere ecosystem, specifically the vCenter Server Appliance (VCSA) and ESXi hypervisors. To help organizations stay ahead of these risks, we will focus on the essential hardening strategies and mitigating controls ...
- Sophisticated supply chain attack exploited TrueConf update process
April 2, 2026
Southeast Asian governments were recently targeted by a highly sophisticated supply chain attack as part of a wider cyber-espionage campaign, which experts believe is the work of the Chinese government. Security researchers Check Point detailed their findings on Operation TrueChaos, a campaign revolving around a zero-day vulnerability in TrueConf, a video conferencing and collaboration platform which ...
- Gigabyte warns users Control Center flaw could let hackers hijack your files
April 1, 2026
GIGABYTE Control Center, a Windows utility which comes preloaded with certain computers, carried a critical-severity vulnerability that allowed malicious actors to access files, run code, and trigger denial-of-service conditions on affected devices. The bug has now been addressed and users are advised to patch up without delay. GIGABYTE is a major hardware manufacturer known for, among ...