Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
April 19, 2022
ollowing Log4Shell, AWS released several hot patch solutions that monitor for vulnerable Java applications and Java containers and patch them on the fly. Each solution suits a different environment, covering standalone servers, Kubernetes clusters, Elastic Container Service (ECS) clusters and Fargate. The hot patches aren’t exclusive to AWS environments and can be installed onto any ...
- Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
April 19, 2022
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable ...
- TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
April 18, 2022
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly ...
- UK Prime Minister, Catalan groups ‘targeted by NSO Pegasus spyware’
April 18, 2022
Citizen Lab has reported finding suspected surveillance software on devices associated with both the UK Prime Minister’s Office and what was formerly called the British Foreign and Commonwealth Office. The Canadian research outfit also said it had identified at least 65 individuals linked with Catalan civil society groups in Spain who were targeted by, or infected ...
- Lazarus Targets Chemical Sector
April 14, 2022
Symantec, a division of Broadcom Software, has observed the North Korea-linked advanced persistent threat (APT) group known as Lazarus conducting an espionage campaign targeting organizations operating within the chemical sector. The campaign appears to be a continuation of Lazarus activity dubbed Operation Dream Job, which was first observed in August 2020. Symantec tracks this sub-set ...
- US Treasury links North Korean hacker group Lazarus to $600M Axie Infinity heist
April 14, 2022
The US Treasury Department on Thursday linked a notorious North Korean hacking group to a massive $600 million cyber breach last month. The connection was clear when the Treasury Department updated its sanctions listing for the hacking group, called Lazarus Group. The federal agency added a cryptocurrency address that was used to steal $600 million from ...