Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- NSO Group Pegasus Spyware Aims at Finnish Diplomats
January 31, 2022
The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. They also said the infections were of the zero-click variety. “The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing ...
- Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
January 31, 2022
he Russia-linked Shuckworm group (aka Gamaredon, Armageddon) is continuing to conduct cyber-espionage attacks against targets in Ukraine. Over the course of recent months, Symantec’s Threat Hunter Team, a part of Broadcom Software, has found evidence of attempted attacks against a number of organizations in the country. Active since at least 2013, Shuckworm specializes in cyber-espionage campaigns ...
- Cybersecurity and Drones: How to Address the Security Threats
January 30, 2022
The Unmanned Aerial Systems (UAS) industry has become a massive technological playground worldwide. Their extensive applications make UAS very popular for the public and the private sector. Armed forces, agricultural industry, law enforcement, meteorological agencies, medical services, environmental companies, and oil refineries are but a few out of the excessive list of UAS users. UAS ...
- LockBit gang claims it stole data from French Ministry of Justice
January 28, 2022
The French government is investigating claims from the LockBit ransomware gang that data was stolen from the Ministry of Justice. “The French Ministry of Justice is aware of the alert and has immediately taken actions to proceed to the needed verifications, in collaboration with the competent services in this field,” a government spokesperson told ZDNet. The Ministry ...
- Lazarus APT Uses Windows Update to Spew Malware
January 28, 2022
Lazarus Group is using Windows Update to spray malware in a campaign powered by a GitHub command-and-control (C2) server, researchers have found. On Thursday, the Malwarebytes Threat Intelligence team reported that they discovered the North Korean state advanced persistent threat (APT) group’s latest living-off-the-land technique while analyzing a spear-phishing campaign that its researchers discovered 10 days ...
- QNAP warns NAS users of DeadBolt ransomware, urges customers to update
January 27, 2022
Taiwanese network-attached storage giant QNAP urged its customers to update their systems this week after the DeadBolt ransomware was discovered targeting all NAS instances exposed to the internet. “QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP NAS and routers, and immediately update QTS to the ...