Wednesday , September 10 2025
120

Android Alert: Google Patches 120 Flaws, Two Zero-Days Under Attack

infosecbulletin 7 days ago Alert, Vulnerabilities

Google released security updates for September 2025, fixing 120 security flaws in Android, including two vulnerabilities actively exploited in targeted attacks.

The vulnerabilities are listed below:

Microsft warns of active directory and office vulnarabilty

By infosecbulletin / Wednesday , September 10 2025
Microsoft has issued a new warning about a critical security vulnerability in Active Directory Domain Services, known as CVE-2025-21293. An...
Read More
Microsft warns of active directory and office vulnarabilty

(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points

By infosecbulletin / Wednesday , September 10 2025
Sophos fixed an authentication bypass vulnerability in its AP6 Series Wireless Access Points, preventing attackers from obtaining admin privileges. The...
Read More
(CVE-2025-10159) Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points

1.6M fitness phone call recordings exposed online

By infosecbulletin / Wednesday , September 10 2025
Security researcher Jeremiah Fowler discovered a database containing sensitive information from gym customers and staff, including names, financial details, and...
Read More
1.6M fitness phone call recordings exposed online

Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days

By infosecbulletin / Wednesday , September 10 2025
Microsoft patched September 2025 Patch Tuesday 81 flaws, including two publicly disclosed zero-day vulnerabilities. This Patch Tuesday addresses nine critical...
Read More
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days

Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials

By infosecbulletin / Tuesday , September 9 2025
Elastic reported a security incident caused by a breach at Salesloft Drift, leading to unauthorized access to an internal email...
Read More
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials

Hacker Exploit Amazon SES to Send 50K Phishing Emails

By infosecbulletin / Tuesday , September 9 2025
Researchers at Wiz discovered a complex phishing campaign using Amazon's Simple Email Service (SES) for large-scale attacks, showing how hacked...
Read More
Hacker Exploit Amazon SES to Send 50K Phishing Emails

SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month

By infosecbulletin / Monday , September 8 2025
The global ransomware landscape continues to shift in 2025, with SafePay rapidly emerging as one of the most active and...
Read More
SafePay Ransomware SafePay Ransomware Attacks 73 Orgs in a Single Month

Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024

By infosecbulletin / Sunday , September 7 2025
Bangladesh Cyber Threat Landscape 2024, by BGD e-GOV CIRT, reveals a sharp escalation in cyber threats across Bangladesh. The year...
Read More
Bangladesh Cyber Threat Landscape- 2024 602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

By infosecbulletin / Sunday , September 7 2025
Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account tokens and...
Read More
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

ISC2 Aims to Bridge DFIR Skill Gap with New Certificate

By infosecbulletin / Saturday , September 6 2025
ISC2 has launched a Threat Handling Foundations Certificate to assist cybersecurity experts in enhancing Digital Forensics and Incident Response (DFIR)...
Read More
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate

CVE-2025-38352 (CVSS score: 7.4): A privilege escalation flaw in the Linux Kernel component

CVE-2025-48543 (CVSS score: N/A): A privilege escalation flaw in the Android Runtime component

Google stated that both vulnerabilities can cause local privilege escalation without needing extra execution privileges. Additionally, they highlighted that no user interaction is necessary for exploitation.

The tech giant did not reveal how the issues have been weaponized in real-world attacks and if they are being put to use in tandem, but acknowledged there are indications of “limited, targeted exploitation.”

Benoît Sevens of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the upstream Linux Kernel flaw, indicating that it may have been abused as part of targeted spyware attacks.

Google has fixed several vulnerabilities in Framework and System components, including remote code execution, privilege escalation, information disclosure, and denial-of-service issues.

Google released two security patches, 2025-09-01 and 2025-09-05, to help Android partners fix vulnerabilities quickly across devices.

“Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level,” Google said.

Check Also

Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024

Bangladesh Cyber Threat Landscape 2024, by BGD e-GOV CIRT, reveals a sharp escalation in cyber …

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin