430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google’s latest Android security update fixes two actively exploited flaws

Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components. December’s Android update offers two patch levels (12-01, 12-05) for faster fixes across devices. The […]

Google Android Qualcomm flaw CVE-2026-21385

Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild.

Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components.

December’s Android update offers two patch levels (12-01, 12-05) for faster fixes across devices.

The two high-severity vulnerabilities that are “under limited, targeted exploitation” are:

  • CVE-2025-48572 – An elevation of privilege vulnerability in Framework
  • CVE-2025-48633 – An information disclosure vulnerability in Framework

As usual, Google did not provide technical details about the attacks exploiting the above vulnerabilities.

The tech giant also addressed the following critical vulnerabilities in the kernel component:

CVEReferencesTypeSeveritySubcomponent
CVE-2025-48623A-436580278
Upstream kernel [2]
EoPCriticalpKVM
CVE-2025-48624A-443053939
Upstream kernel
EoPCriticalIOMMU
CVE-2025-48637A-443763663
Upstream kernel [2]
EoPCriticalpKVM
CVE-2025-48638A-442540376
Upstream kernel [2]
EoPCriticalpKVM

and Qualcomm closed-source components:

CVEReferencesSeveritySubcomponent
CVE-2025-47319A-421905250*CriticalClosed-source component
CVE-2025-47372A-442619421*CriticalClosed-source component

“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to remote denial of service with no additional execution privileges needed.” reads the advisory published by Google. “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google)