Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Advanced Threat predictions for 2021
November 19, 2020
Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that can reveal the future, we can try to make educated guesses using the trends that we have observed over the last 12 months to identify areas that attackers are likely to seek to exploit in ...
- Exploiting AI – How Cybercriminals Misuse and Abuse Artificial Intelligence and Machine Learning
November 19, 2020
Artificial intelligence (AI) is swiftly fueling the development of a more dynamic world. AI, a subfield of computer science that is interconnected with other disciplines, promises greater efficiency and higher levels of automation and autonomy. Simply put, it is a dual-use technology at the heart of the fourth industrial revolution. Together with machine learning (ML) ...
- Food-Supply Giant Americold Admits Cyberattack
November 19, 2020
Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain (and soon, COVID-19 vaccine distribution), has confirmed an operations-impacting cyberattack, according to a filing with the Securities and Exchange Commission (SEC). The filing was brief and read in part: “As a precautionary measure, the company took immediate steps to help contain the incident ...
- Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild
November 18, 2020
The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more. Hackers have been sounding alarms about this ...
- APT10: Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
November 17, 2020
A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-gathering operation. Companies in multiple sectors are targeted in this campaign, including those operating in the automotive, pharmaceutical, and engineering sector, as well as managed service providers (MSPs). The scale and sophistication of ...
- More than 200 systems infected by new Chinese APT ‘FunnyDream’
November 17, 2020
A new Chinese state-sponsored hacking group (also known as an APT) has infected more than 200 systems across Southeast Asia with malware over the past two years. The malware infections are part of a widespread cyber-espionage campaign carried out by a group named FunnyDream, according to a new report published today by security firm Bitdefender. The attacks ...