Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- 15 million French citizens affected by massive data breach following cyberattack on medical software
February 27, 2026
A massive data breach concerning the data of 15 million people in France has been revealed after a cyberattack targeted 1,500 doctors using medical software. The administrative data of around 15 million French citizens, along with notes written by their doctors, were leaked in a large-scale breach targeting 1,500 doctors using a medical software from Cegedim ...
- Ransomware payments drop to record low, even as attacks surge
February 27, 2026
Ransomware groups have never been this active, but have also never extorted this little money, new research has claimed. Market analysts Chainalysis found the number of ransomware incidents in 2025 rose by 50% compared to the previous year, earning criminals $820 million – although this number may still rise as more incidents are attributed to ransomware ...
- CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
February 25, 2026
CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations, globally. These actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Sign up for the ...
- Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
February 25, 2026
Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents. The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has ...
- North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware
February 24, 2026
North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters. The US healthcare attempt failed, while the Middle East organization was ...
- Fake Zoom meeting “update” silently installs surveillance software
February 24, 2026
A fake Zoom meeting website is silently pushing surveillance software onto Windows machines. Visitors land on a convincing imitation of a Zoom video call. Moments later, an automatic “Update Available” countdown downloads a malicious installer—without asking for permission. The software being installed is a covert build of Teramind, a commercial monitoring tool companies use to record ...