InfoSecBulletin Cybersecurity for mankind
Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being actively exploited in targeted attacks.
The company reported two major flaws (CVE-2025-21479 and CVE-2025-21480) identified by the Google Android Security team in late January, and a third serious vulnerability (CVE-2025-27038) was reported in March.
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
The first two issues are Graphics framework authorization weaknesses that can cause memory corruption through unauthorized GPU command execution. CVE-2025-27038 is a use-after-free vulnerability that also leads to memory corruption when rendering graphics with Adreno GPU drivers in Chrome.
“There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,” Qualcomm warned in a Monday advisory.
“Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible.”
Recently, the company has fixed several chipset security flaws that could allow attackers to access users’ text messages, call history, media files, and real-time conversations.
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
