Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- 2023 CWE Top 25 Most Dangerous Software Weaknesses
June 29, 2023
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to ...
- Paracetamol maker Granules India flags significant operations hit from cyber attack
June 29, 2023
Granules India on Thursday warned of a significant loss of revenue and profitability due to a cyber security attack that the pharmaceuticals company faced late last month. Due to significant changes in its IT systems, the IT security incident caused a major disruption in its business operations, the Paracetamol maker said in an exchange filing. Read more… Source: ...
- Virtual kidnapping: How AI voice cloning tools and Chat GPT are being used to aid cybercrime and extortion scams
June 28, 2023
New technologies, such as artificial intelligence (AI) and machine learning (ML), are typically developed to boost productivity, increase efficiency, and make our lives easier. Unfortunately, cybercriminals have also found ways to exploit them for ill gain. Recently, malicious actors have abused AI technology to accurately impersonate real people as part of their attacks and scams. Cases ...
- Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor
June 28, 2023
Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union from late 2020 to late 2022. Unit 42 tracks the activity associated with this campaign as CL-CRI-0021 and believes it stems from the same threat actor responsible for the previous campaign known as ...
- Andariel’s silly mistakes and a new malware family
June 28, 2023
Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. During the same period, Andariel also actively exploited the Log4j vulnerability as reported by Talos and Ahnlab. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions ...
- Securing the AI Pipeline
June 27, 2023
Artificial intelligence (AI) is a hot topic these days, and for good reason. AI is a powerful tool. In fact, Mandiant analysts and responders are already using Bard in their workflows to identify threats faster, eliminate toil, and better scale talent and expertise. Organizations are keen to understand how best to integrate it into their ...

