Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- SonicWall releases urgent notice about ‘imminent’ ransomware targeting firmware
July 14, 2021
Networking device maker SonicWall sent out an urgent notice to its customers about “an imminent ransomware campaign using stolen credentials” that is targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. In addition to the notice posted to its website, SonicWall sent an email to anyone ...
- The Underground Exploit Market and the Importance of Virtual Patching
July 13, 2021
Over the past two calendar years, we conducted research on the underground exploit market to learn more about the life cycle of exploits, the kinds of buyers and sellers who transact, and the business models that are in effect in the underground. We detail our findings in our research paper “The Rise and Imminent Fall ...
- Operation SpoofedScholars: Iranian hackers posed as academics in a bid to steal email passwords
July 13, 2021
An Iranian cyber espionage campaign used spoofed identities of real academics at a UK university in phishing attacks designed to steal password details of experts in Middle Eastern affairs from universities, think tanks and the media. Detailed by cybersecurity researchers at Proofpoint, who’ve dubbed it Operation SpoofedScholars, the campaign also compromised a university-affiliated website in an ...
- Modipwn: code execution vulnerability discovered in Schneider Electric Modicon PLCs
July 13, 2021
A vulnerability discovered in Schneider Electric (SE) Modicon programmable logic controllers (PLCs) allows full takeover of the industrial chips. Discovered by Armis researchers, the vulnerability can be used to bypass existing security mechanisms in PLCs to hijack the devices and potentially impact wider industrial setups. The authentication bypass vulnerability, dubbed Modipwn, has been assigned as CVE-2021-22779. Read ...
- REvil ransomware gang’s web sites mysteriously shut down
July 13, 2021
The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night. The REvil ransomware operation, aka Sodinokibi, operates through numerous clear web and dark web sites used as ransom negotiation sites, ransomware data leak sites, and backend infrastructure. Starting last night, the websites and infrastructure used by the REvil ransomware operation ...
- Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
July 13, 2021
Eleven critical bugs in Adobe’s popular and free PDF reader, Acrobat, open both Window and macOS users to attacks ranging from an adversary arbitrarily executing commands on a targeted system to data leakage tied to system-read and memory flaws. In a Tuesday security bulletin, which included patches for all flaws, the company reported that Windows and ...