Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- IIoT chip maker Advantech hit by ransomware, $12.5 million ransom
November 28, 2020
The Conti ransomware gang hit the systems of industrial automation and Industrial IoT (IIoT) chip maker Advantech and is now demanding a $14 million ransom to decrypt affected systems and to stop leaking stolen company data. Advantech is a global leading manufacturer of IT products and solutions, including embedded PCs, network devices, IoT, servers, and healthcare ...
- New MacOS Backdoor Connected to OceanLotus Surfaces
November 27, 2020
Trend Micro researchers have recently discovered a new backdoor we believe to be related to the OceanLotus group. Some of the updates of this new variant (detected by Trend Micro as Backdoor.MacOS.OCEANLOTUS.F) include new behavior and domain names. As of writing, this sample is still undetected by other antimalware solutions. Due to similarities in dynamic behavior ...
- Sophos notifies customers of data exposure after database misconfiguration
November 26, 2020
UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week. “On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in an email sent to customers and ...
- Ransomware hits largest US fertility network, patient data stolen
November 26, 2020
US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020. The US Fertility (USF) network is comprised of 55 locations across 10 states that completed almost 25,000 IVF cycles in 2018 through its ...
- Laser-Based Hacking from Afar Goes Beyond Amazon Alexa
November 26, 2020
Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform functions can be hacked by light. The ...
- Belden networking giant’s company data stolen in cyberattack
November 25, 2020
Network device manufacturer Belden was hit with a cyberattack that allowed threat actors to steal files containing information about employees and business partners. Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people. Read more… Source: Bleeping Computer