Sunday , September 21 2025
Google

Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

infosecbulletin Wednesday , February 5 2025 Alert, Vulnerabilities

Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8) is a vulnerability that allows privilege escalation in the USB Video Class (UVC) driver kernel component.

Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, noting that it’s aware that it may be under “limited, targeted exploitation.”

Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw

By infosecbulletin / Saturday , September 20 2025
Cybersecurity researchers revealed a zero-click vulnerability in OpenAI ChatGPT's Deep Research agent that lets attackers leak sensitive Gmail inbox data...
Read More
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw

Cyber attack disrupts several European airports: check-in and boarding systems affected

By infosecbulletin / Saturday , September 20 2025
Several European airports are experiencing flight delays and cancellations due to a cyber attack on a check-in and boarding systems...
Read More
Cyber attack disrupts several European airports: check-in and boarding systems affected

Hacker claim to breach Link3; 189,000 Users data up for sale

By infosecbulletin / Wednesday , September 17 2025
A threat actor claims to have breached Link3, a major IT solutions and internet service provider based in Bangladesh. The...
Read More
Hacker claim to breach Link3; 189,000 Users data up for sale

Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka

By infosecbulletin / Wednesday , September 17 2025
Check point, a cyber security solutions provider hosts an event titled "securing the hyperconnected world in the AI era" at...
Read More
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka

Microsoft Confirms 900+ XSS Vulns Found in IT Services

By infosecbulletin / Tuesday , September 16 2025
Cross-Site Scripting (XSS) is one of the oldest and most persistent vulnerabilities in modern applications. Despite being recognized for over...
Read More
Microsoft Confirms 900+ XSS Vulns Found in IT Services

Daily Security Update Dated : 15.09.2025

By infosecbulletin / Monday , September 15 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.09.2025

IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions

By infosecbulletin / Monday , September 15 2025
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users...
Read More
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions

Major Australian Banks using Army of AI Bots to Scam Scammers

By infosecbulletin / Monday , September 15 2025
Australian banks are now using bots to combat scammers. These bots mimic potential victims to gather real-time information and drain...
Read More
Major Australian Banks using Army of AI Bots to Scam Scammers

F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

By infosecbulletin / Saturday , September 13 2025
F5 plans to acquire CalypsoAI, which offers adaptive AI security solutions. CalypsoAI's technology will be added to F5's Application Delivery...
Read More
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

By infosecbulletin / Saturday , September 13 2025
The Villager framework, an AI-powered penetration testing tool, integrates Kali Linux tools with DeepSeek AI to automate cyber attack processes....
Read More
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

The specific details about the vulnerability have not been shared, but Linux kernel developer Greg Kroah-Hartman mentioned in early December 2024 that it originates in the Linux kernel, first appearing in version 2.6.26, released in mid-2008.

Specifically, it has to do with an out-of-bounds write condition that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named “uvc_parse_format()” in the “uvc_driver.c” program.

This flaw could lead to memory corruption, program crashes, or unauthorized code execution.

It’s unclear who is exploiting the vulnerability, but GrapheneOS suggests it could be misused by forensic data extraction tools for physical privilege escalation.

Google’s monthly security updates also fixed a critical flaw in Qualcomm’s WLAN component (CVE-2024-45569, CVSS score: 9.8) that could cause memory corruption.

Google has released two security patch levels, 2025-02-01 and 2025-02-05, to help Android partners quickly address similar vulnerabilities across devices.

“Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level,” Google said.

Check Also

Palo Alto Networks User-ID Credential Agent Vuln Exposes password In Cleartext

A new vulnerability, CVE-2025-4235, in Palo Alto Networks’ User-ID Credential Agent for Windows, could reveal …

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin