Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
May 15, 2023
The Lancefly advanced persistent threat (APT) group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, in activity that has been ongoing for several years. Lancefly may have some links to previously known groups, but these are low confidence, which led researchers at Symantec, by Broadcom Software, to classify this activity ...
- Data of 5.82M PharMerica patients stolen, accessed during cyberattack
May 15, 2023
More than 5.81 million patients tied to PharMerica have been notified that their data was accessed and stolen during a March cyberattack. The long-term care pharmacy solution provider reported the breach to the Office of the Maine Attorney General on May 12. On March 14, PharMerica “learned of suspicious activity” on its network and worked to ...
- CISA Adds Seven Known Exploited Vulnerabilities to Catalog
May 12, 2023
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25717 Multiple Ruckus Wireless Products CSRF and RCE Vulnerability CVE-2021-3560 Red Hat Polkit Incorrect Authorization Vulnerability CVE-2014-0196 Linux Kernel Race Condition Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Britain’s largest private pension scheme reveals scale of Capita break-in
May 12, 2023
Universities Superannuation Scheme, the UK’s largest private pension provider, says Capita has warned that details of almost half a million members were held on servers accessed during the recent breach. The USS made the disclosure today, saying that it uses Capita technology platform, Hartlink, to manage in-house pension administration processes, and was working closely with the ...
- Why Microsoft just patched a patch that squashed an under-attack Outlook bug
May 12, 2023
Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims’ Windows credentials. This week the IT giant fixed that fix as part of its monthly Patch Tuesday update. To remind you of the original bug, tracked as CVE-2023-23397: it was possible to send someone an email that included ...
- CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability
May 11, 2023
CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability (CVE-2023-27350). FBI observed malicious actors exploit CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, FBI observed a ...