Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Step-by-step through the Money Message ransomware
October 30, 2023
In August 2023, the Sophos X-Ops Incident Response team was engaged to support an organization in Australia infected with Money Message ransomware. This attack vector, known for its stealth, does not append any file extensions to the encrypted data, making it harder for victims to identify the encrypted files simply by spotting such extensions. In ...
- CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
October 30, 2023
Unit 42 researchers have identified an active campaign we are calling EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging ...
- TA571 Delivers IcedID Forked Loader
October 30, 2023
Proofpoint researchers identified TA571 delivering the Forked variant of IcedID in two campaigns on 11 and 18 October 2023. Both campaigns included over 6,000 messages, each impacting over 1,200 customers in a variety of industries globally. Emails in the campaigns purported to be replies to existing threads. This is known as thread hijacking. The emails contained ...
- ING CISO says data sharing is key to financial cybersecurity
October 30, 2023
Compliance has been the traditional focus of IT departments in financial institutions, but as cyber threats continue to evolve, the financial industry needs to look to each other to help protect the wider ecosystem. Finextra spoke with Beate Zwijnenberg, chief information security officer at ING, about some of the challenges the bank is facing across ...
- Casio Data Breach Impacts Customers in 149 Countries
October 27, 2023
Japanese electronics colossus Casio Computer Co., Ltd. has suffered a data breach on its ClassPad education platform, impacting customers in 149 countries. A technical failure on October 11, 2023, alerted Casio to the cyber intrusion that culminated in an unauthorized entity accessing the ClassPad development database on October 12, 2023. Casio launched an investigation and confirmed ...
- Police warn Israelis not to answer unknown calls
October 27, 2023
The Israel Police warned citizens on Friday not to answer phone or video calls from numbers they don’t recognize—particularly from abroad—following a surge of suspicious calls reported to authorities. “The purpose of the calls may be to cause panic and harassment and may be part of attempts to take over the WhatsApp accounts,” per a ...

