Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Babuk Locker is the first new enterprise ransomware of 2021
January 5, 2021
t’s a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks. Babuk Locker is a new ransomware operation that launched at the beginning of 2021 and has since amassed a small list of victims from around the world. From ransom negotiations with victims seen by BleepingComputer, demands ...
- US government formally blames Russia for SolarWinds hack
January 5, 2021
Four US cyber-security agencies, including the FBI, CISA, ODNI, and the NSA, have released a joint statement today formally accusing the Russian government of orchestrating the SolarWinds supply chain attack. US officials said that “an Advanced Persistent Threat (APT) actor, likely Russian in origin” was responsible for the SolarWinds hack, which officials described as “an intelligence ...
- Telegram Triangulation Pinpoints Users’ Exact Locations
January 5, 2021
A feature that allows Telegram users to see who’s nearby can be misused to pinpoint your exact distance to other users – by spoofing one’s latitude and longitude. According to bug-hunter Ahmed Hassan, the “People Nearby” feature could allow an attacker to triangulate the location of unsuspecting Telegram users. The feature is disabled by default, but ...
- Major Gaming Companies Hit with Ransomware Linked to APT27
January 5, 2021
A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat (APT) is swapping up its historically espionage centralized tactics to adopt ransomware, a new report says. Researchers noticed the “strong links” to APT27 when they were brought in as ...
- ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands
January 5, 2021
A new remote access tool (RAT) has been discovered being used in an extensive campaign. The attack has targeted cryptocurrency users in an attempt to collect their private keys and ultimately to drain their wallets. The never-before-seen RAT at the center of the campaign, which researchers dub ElectroRAT, is written in the Go programming language and ...
- Malware uses WiFi BSSID for victim identification
January 4, 2021
Malware operators who want to know the location of the victims they infect usually rely on a simple technique where they grab the victim’s IP address and check it against an IP-to-geo database like MaxMind’s GeoIP to get a victim’s approximate geographical location. While the technique isn’t very accurate, it is still the most reliable method ...