Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- BazaLoader Masquerades as Movie-Streaming Service
May 26, 2021
There’s a new, fake movie-streaming service in town called BravoMovies, and the offerings are utter garbage. Despite its pretty pictures and fun-sounding titles, it’s got nothing to offer for download besides BazaLoader malware. BazaLoader is a loader used to deploy ransomware or other types of malware and to steal sensitive data from victimized systems. On Wednesday, Proofpoint ...
- New Rowhammer attack exploits the design of ever-shrinking and more dense DRAM chips
May 26, 2021
Google has detailed its work discovering a new Rowhammer vulnerability dubbed “Half-Double”, which evolves the style of attack on DRAM memory first reported in 2014 and suggests the Rowhammer problem won’t go away soon. The Rowhammer attack is unusual because it aims to cause “bit flips” by rapidly and repeatedly accessing data in one memory row ...
- Evolution of JSWorm ransomware
May 25, 2021
Over the past few years, the ransomware threat landscape has been gradually changing. We have been witness to a paradigm shift. From the massive outbreaks of 2017, such as WannaCry, NotPetya, and Bad Rabbit, a lot of ransomware actors have moved to the covert but highly profitable tactic of “big-game hunting”. News of ransomware causing ...
- Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
May 25, 2021
Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels ...
- Russian dark web marketplace Hydra cryptocurrency transactions reached $1.37bn in 2020
May 25, 2021
An investigation into the Hydra marketplace has revealed surging transaction volumes and a thriving — albeit illicit — cryptocurrency ecosystem. On Tuesday, Flashpoint and Chainalysis jointly released a report into Hydra, a marketplace in the dark web. At its inception in 2015, Hydra was well-known for the sale of narcotics, but as time has gone on, the ...
- VMware warns of critical bug affecting all vCenter Server installs
May 25, 2021
VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs to be considered at once,” said Bob Plankers, Technical Marketing Architect at VMware. Read more… Source: Bleeping Computer