Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Hellhounds: Operation Lahat
November 30, 2023
In 2023, Positive Technologies Computer Security Incident Response Team (PT CSIRT) discovered that a certain power company was compromised by the Decoy Dog trojan. According to the PT CSIRT investigation, Decoy Dog has been actively used in cyberattacks on Russian companies and government organizations since at least September 2022. This trojan was previously discussed by NCIRCC, Infoblox, ...
- Booking.com hackers increase attacks on customers
November 30, 2023
Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 (£1,600) for login details of hotels as they continue to target the people who are staying with them. Since at least March, customers have been tricked into sending money to ...
- France bans ministers from WhatsApp, Signal; demands French alternatives
November 30, 2023
French Prime Minister Élisabeth Borne has banned widely used messaging apps WhatsApp, Telegram and Signal for ministers and their teams due to security vulnerabilities, according to a memo obtained by French news outlet Le Point. “These digital tools are not devoid of security flaws, and therefore cannot guarantee the security of conversations and information shared via ...
- Japan space agency server likely hit by unauthorized access attack
November 29, 2023
Japan’s space agency was likely hit by an unauthorized access attack to a network server, the government said Wednesday, adding the incident did not involve sensitive information pertaining to rockets or satellites. Sources close to the matter said the Japan Aerospace Exploration Agency was not aware that the breach may have occurred sometime during the summer ...
- Spyware Employs Various Obfuscation Techniques to Bypass Static Analysis
November 29, 2023
With the surging popularity of mobile applications, the landscape of cybersecurity is encountering increasingly intricate and discreet forms of malicious software. One common strategy in the realm of cybersecurity is code obfuscation. This practice involves the deliberate alteration of various elements within the code, such as variables, functions, and class names, rendering them virtually indecipherable. This ...
- ownCloud vulnerability can be used to extract admin passwords
November 28, 2023
ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and configuration in containerized deployments. ownCloud is a very widely used open-source project that allows users ...

