Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Singapore law firm Shook Lin & Bok hit by cyber attack; allegedly paid ransom
May 5, 2024
Singapore law firm Shook Lin & Bok was hit by a ransomware attack in April, and the incident is now under investigation by the local authorities. In response to queries from The Straits Times, the firm said in a statement on May 2 that the incident was discovered on April 9, and it immediately engaged a ...
- U.K., U.S. and Canadian cyber authorities warn of pro-Russia hacktivist attacks on OT systems
May 3, 2024
The U.K.’s National Cyber Security Centre (NCSC) and other international cyber authorities, including the Federal Bureau of Investigation (FBI), have warned about pro-Russia hacktivist attacks targeting providers of operational technology. OT is hardware and software that interacts with the physical environment and includes smart water metres, automated irrigation systems, dam monitoring systems, smart grids and IoT ...
- Graph: Growing number of threats leveraging Microsoft API
May 2, 2024
An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for ...
- Watch out for tech support scams lurking in sponsored search results
May 2, 2024
A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored”. They’re often ads that are taken out by brands who want to get people to click through to their website. ...
- Scaly Wolf’s new loader: the right tool for the wrong job
May 2, 2024
The BI.ZONE Threat Intelligence team has uncovered a fresh campaign by the group targeting Russian and Belarusian organizations. The threat actors are distributing phishing emails under the guise of a federal agency. The emails have a legitimate document as an attachment. It aims to lull the recipient’s vigilance and prompt them to open the other file, ...
- UnitedHealth data breach caused by lack of multifactor authentification
May 1, 2024
Hackers breached the computer system of a UnitedHealth Group subsidiary and released ransomware after stealing someone’s password, CEO Andrew Witty testified Wednesday on Capitol Hill. The cybercriminals entered through a portal that didn’t have multifactor authentification (MFA) enabled. During an hourslong congressional hearing, Witty told lawmakers that the company has not yet determined how many patients ...

