Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Void Balaur and the Rise of the Cybermercenary Industry
November 10, 2021
Cybercriminals have different motivations: for example, some malicious actors have disruptive political attacks as their objective, while others might be more inclined towards cyberespionage and gathering information on their victims. Of course, financial gain remains a powerful cybercrime motivation — perhaps even the most common one. Some malicious actors, such as ransomware operators, earn directly ...
- Lazarus hackers target researchers with trojanized IDA Pro
November 10, 2021
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. IDA Pro is an application that converts an executable into assembly language, allowing security researchers and programmers to analyze how a program works and discover ...
- Telnyx is the latest VoIP provider hit with DDoS attacks
November 10, 2021
Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS) attacks, causing worldwide outages since yesterday. Telnyx is a voice over Internet Protocol (VoIP) company that provides worldwide telephony services over the Internet, including in the Americas, EMEA, APAC, and Australia regions. Read more… Source: Bleeping Computer
- Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
November 10, 2021
A critical security bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. The two affected Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively. The federated working specialist pushed out a security ...
- Average ransomware payment for US victims more than $6 million, survey says
November 9, 2021
A new report from Mimecast has found that the US leads the way in the size of payouts following ransomware incidents. In the “State of Ransomware Readiness” study from Mimecast, researchers spoke with 742 cybersecurity professionals and found that 80% of them had been targeted with ransomware over the last two years. Of that 80%, 39% paid ...
- A set of vulnerabilities in TCP/IP stacks could leave millions of connected medical devices open to attack
November 9, 2021
Critical vulnerabilities in millions of connected devices used in hospital networks could allow attackers to disrupt medical equipment and patient monitors, as well as Internet of Things devices that control systems and equipment throughout facilities, such as lighting and ventilation systems. The vulnerable TCP/IP stacks – communications protocols commonly used in connected devices – are also ...