Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

April 8, 2025
No Comments

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below –

CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of Kernel

Leave a Reply Cancel reply

Fortinet Uncovers New Post-Exploitation Technique Targeting FortiGate Devices April 14, 2025
Fortinet discovered a new technique used by threat actors to maintain access to FortiGate devices, even after known vulnerabilities were patched. The company has since taken action to notify affected customers and provide mitigation guidance. What Happened? Fortinet’s internal security team found that malicious actors were exploiting known vulnerabilities—specifically FG-IR-22-398, FG-IR-23-097, and FG-IR-24-015—to gain access […]
Kirsten Doyle
Unpacking IABs: The Middlemen Fueling Ransomware Attacks April 14, 2025
The U.S. remained the top target for Initial Access Brokers (IABs), with 31% of all access listings aimed at American entities. But in 2024, Brazil (7%) and France (5%) have emerged as fast-rising targets. Analysts believe this shift could be due to expanding digital infrastructure and relatively weaker cybersecurity defenses in these countries. This was […]
Kirsten Doyle
Law Enforcement Targets Smokeloader Botnet Customers in Operation Endgame Follow-Up April 11, 2025
Authorities across North America and Europe have launched a coordinated enforcement action against users of the Smokeloader botnet, marking a significant development in the ongoing Operation Endgame. The latest actions follow the major takedown of five key malware droppers in May 2024—IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee—under the operation codenamed Operation Endgame. This operation disrupted […]
Kirsten Doyle
Shuckworm Escalates Attacks, Targets Foreign Military Presence in Ukraine April 11, 2025
A notorious Russian-linked cyber espionage group dubbed Shuckworm has intensified its operations in Ukraine by targeting the military mission of a Western country based in the region. This latest campaign, which ran from late February through March 2025, demonstrates a concerning evolution in the group’s methods and a renewed focus on military intelligence gathering. Shuckworm, […]
Kirsten Doyle
Cybercriminals are exploiting universities’ weakness in document management April 11, 2025
Universities are under enormous pressure. With rising tuition fees, falling enrollment numbers—with prospective students opting for apprenticeships over student debt—and inflation driving up costs, the last thing they need is a cyberattack caused by outdated legacy systems and poor document management. Unfortunately, this is the reality for many institutions. According to the UK government’s Cyber […]
Andy MacIsaac
CISA Warns of Two Known Exploited Vulnerabilities April 11, 2025
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence they are being actively exploited. The first, CVE-2025-30406, is a Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability The second, CVE-2025-29824, is a Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability Both of these types of vulnerabilities are […]
ISB Staff Reporter
Beyond the Breach: The Ongoing Impact of the Change Healthcare Attack April 10, 2025
In February 2024, Change Healthcare was the target of a massive ransomware attack that is now known as the most significant data breach in American history. Thousands of healthcare providers across the country rely on Change Healthcare’s solutions and services, including the exchange of healthcare data and financial transactions between healthcare providers, insurers, and patients. […]
Michael Gray
Nations Commit to Curbing the Spread of Spyware April 9, 2025
Following over a year of work on the agreement, twenty-one nations signed The Pall Mall Process in Paris to govern the use of spyware. The Pall Mall Process is an international, multi-stakeholder initiative aimed at identifying and implementing political commitments to counter the proliferation and irresponsible use of commercially available cyber intrusion capabilities—which often manifest […]
Kirsten Doyle
WhatsApp Flaw Exposes Users to Malicious Attacks April 9, 2025
A critical vulnerability in WhatsApp for Windows, tracked as CVE-2025-30401, allowed malicious actors to execute malicious code via seemingly harmless file attachments. This flaw affected all versions of WhatsApp Desktop prior to 2.2450.6. WhatsApp said the vulnerability stemmed from a mismatch in how WhatsApp handled file attachments: it displayed files based on their MIME type […]
Kirsten Doyle
Sweet and Sticky: Irresistible Honeytokens for the Craftiest Cyber Bees April 9, 2025
Let’s face it: If an attacker is already inside your system, you need to know fast. HoneyTokens are lightweight traps that blend seamlessly into your infrastructure, acting as silent traps. The moment an attacker interacts with one, it triggers an alert, giving you real-time visibility into the breach and a chance to stop it before […]
Jeff Morrison

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

Leave a Reply Cancel reply

[email protected]

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Share :

Leave a Reply Cancel reply