Google fixes two actively exploited zero-day vulnerabilities in Android


Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.

The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • MongoDB, North Face owner VF Corp and Mr. Cooper fall victim to cyberattacks

    December 18, 2023

    It has been a busy few days on the cybersecurity front as three notable companies confirmed hacks over the last two days: MongoDB Inc., North Face and Vans owner VF Corp., and mortgage broker Mr. Cooper Group Inc. The first hack, that of MongoDB, was confirmed over the weekend and involved its corporate systems being breached ...

  • Israeli-linked hacker group behind major cyber-attack on Iran’s petrol stations

    December 18, 2023

    An Israeli-linked hacker group claims to have carried out a major cyber-attack on Iranian petrol stations, knocking 70 per cent of them offline on Monday. Predatory Sparrow, or “Gonjeshke Darande” in Persian, said it launched the “controlled” attack in response to “aggression” by the Islamic Republic and its proxies in the region. “This cyber attack was ...

  • Europol: Online Jihadist Propaganda – 2022 in review

    December 18, 2023

    This report is the fifth edition of the annual review of online jihadist propaganda. It analyses the major trends and developments in the propaganda of the most prominent Sunni jihadist organisations – the self-proclaimed Islamic State (IS) and al-Qaeda (AQ) – as well as their branches and offshoots. The review addresses the trajectories of these groups, ...

  • Defense Contractor Austal USA Confirms a Cyber Attack by Hunters International Ransomware Group

    December 15, 2023

    Australian-based American defense contractor Austal USA has confirmed a cyber attack after the Hunters International ransomware group listed the company and shared samples of the stolen data as proof. Austal USA is a Contractor for the US Department of Defense (DOD) and the Department of Homeland Security (DHS), undertaking major U.S. Navy shipbuilding programs. With five ...

  • Snatch ransomware attack claims probed by Kraft Heinz

    December 15, 2023

    U.S. multinational food and beverage company Kraft Heinz has launched an investigation into the Snatch ransomware gang’s recently emerged claims of an August attack even though there has been no indication of any systems compromise. Despite admitting responsibility for the attack, the Snatch ransomware operation has not posted any proof of data that it exfiltrated from ...

  • Critical RCE vulnerability discovered in Perforce Helix Core Server

    December 15, 2023

    Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple organizations spanning government, military, technology, retail, and more. Perforce Server customers are strongly urged to update to version ...