Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- UK: Council worker took tens of thousands of email addresses in massive data breach
February 19, 2024
A massive data breach by a worker at Stratford-on-Avon District Council saw tens of thousands of email addresses taken. The breach, which happened in November last year, was over a database of email addresses given by residents, the authority said. The probe found that around 79,000 email addresses from the garden waste collection database were affected. ...
- SolarWinds Releases Critical Security Updates for Access Rights Manager
February 19, 2024
SolarWinds has released security updates addressing five remote code execution (RCE) vulnerabilities in Access Rights Manager (ARM). Path traversal vulnerabilities, CVE-2024-23476 and CVE-2024-23479, are both rated as critical with a CVSSv3 score of 9.6. An unauthenticated attacker could exploit these vulnerabilities, which could lead to RCE. Read more… Source: NHS Digital
- ALPHV ransomware says it was behind attacks on loanDepot, Prudential Financial
February 19, 2024
The infamous ALPHV ransomware operator (also known as BlackCat) has added two companies to its data leak site – Prudential Financial, and loanDepot, in a seeming admission it was behind the attacks on both companies. So far, the group has only added the names to its site, with the actual data not yet available. Apparently, the ...
- UK: Water group made loss in wake of cyber attack
February 19, 2024
The Walsall-headquartered integrated serviced group, which operates South Staffordshire Water and Cambridge Water, posted a pre-tax loss of £23.1 million for the year to the end of March from a £7.6m profit a year earlier. The losses was put down to the impact of rising costs including on energy and chemicals, higher than expected water production ...
- Why are ransomware gangs making so much money?
February 17, 2024
For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It’s hardly surprising when you look at the state of the ...
- Alpha Ransomware Emerges From NetWalker Ashes
February 16, 2024
Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation. The NetWalker Connection Analysis of Alpha reveals significant similarities with the old NetWalker ransomware. Both threats use a similar ...

