Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- All Plex users should reset passwords in wake of data breach
September 10, 2025
Popular media server and streaming platform, Plex, warned its users about losing their sensitive data in a cyberattack, and urged them to update their passwords as a result. In a forum post published on September 8, Plex said it recently experienced a security incident with “limited impact”, when an unauthorized third party accessed a subset of ...
- Notes of cyber inspector: three clusters of threat in cyberspace
September 10, 2025
Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 Kaspersky predicted that the involvement of hacktivist groups in all major geopolitical conflicts from now on will only increase and this is what ...
- Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed
September 9, 2025
In August 2025, Trend Micro investigated a new ransomware campaign orchestrated by The Gentlemen, an emerging and previously undocumented threat group. This threat actor quickly established itself within the threat landscape by demonstrating advanced capabilities through their systematic compromise of enterprise environments. By adapting their tools mid-campaign—shifting from generic anti-AV utilities to highly targeted, specific variants—the ...
- UK: Jeremy Clarkson’s Cotswolds pub targeted in cyber attack
September 7, 2025
Jeremy Clarkson’s pub has become the latest victim of cyber-criminals who managed to steal £27,000 from the establishment. The Farmer’s Dog fell prey to hackers who employed sophisticated methods to infiltrate the accounts of the Cotswolds venue during a recent digital assault. The criminals made off with the substantial sum in an attack reminiscent of those ...
- Columbia University data breach hits 870,000 people
September 6, 2025
Columbia University recently confirmed a major cyberattack that compromised personal, financial, and health-related information tied to students, applicants, and employees. The victims include current and former students, employees, and applicants. Notifications to affected individuals began on August 7 and are continuing on a rolling basis. Columbia, one of the oldest Ivy League universities, discovered the breach ...
- CMS Sitecore patches critical zero-day flaw
September 5, 2025
Popular CMS platform Sitecore has patched a critical zero-day vulnerability found to be being abused in cyberattacks. Security researchers from Mandiant observed threat actors exploiting a zero-day flaw to deploy malware, as well as other legitimate software. The flaw stemmed from the use of sample ASP.NET machine keys published in old deployment guides (pre-2017), and is ...