Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
December 9, 2021
In this blog entry, Trend Micro researchers share the findings of an investigation on the internet of things (IoT) Linux malware and analyzed how these malware families have been evolving. Trend Micro relied on the tactics, techniques, and procedures (TTPs) of MITRE ATT&CK to define the malware capabilities and characteristics that we saw. Trend Micro study ...
- Hundreds of thousands of MikroTik devices still vulnerable to botnets
December 9, 2021
Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. MikroTik is a Latvian manufacturer of routers and wireless ISPs who has sold over 2,000,000 devices globally. In August, the Mēris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS ...
- Grinchbots strike again this holiday shopping season as bot traffic spikes 73%
December 8, 2021
The days are getting chilly, holiday drinks are back on the menu at your favorite café and family gatherings are planned. In an almost pavlovian response, Grinchbots have also returned in record levels to ruin your online holiday shopping experience. In the State of Security Within eCommerce in 2021, Imperva Research Labs predicted that bad bots ...
- Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products
December 8, 2021
On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases. For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section of the Apache HTTP Server 2.4 vulnerabilities webpage. This advisory will be updated as additional information becomes available. Read more… Source: CISCO
- Suspected Russian Activity Targeting Government and Business Entities Around the Globe
December 8, 2021
As the one-year anniversary of the discovery of the SolarWinds supply chain compromise passes, Mandiant remains committed to tracking one of the toughest actors we have encountered. These suspected Russian actors practice top-notch operational security and advanced tradecraft. However, they are fallible, and we continue to uncover their activity and learn from their mistakes. Ultimately, ...
- When Scammers Get Scammed, They Take It to Cybercrime Court
December 7, 2021
Blocked from legitimate courts, cybercriminals have set up their own system for settling disputes, handing over ultimate decision-making to senior underground forum administrators who have awarded claims totaling as much as $20 million. A new report from Analyst1 details activities inside these underground systems and found more than 600 requests for mediation on just one Russian-language ...