FILTERING BY: CLEAR FILTER

Android Framework: Actively Exploited Integer Overflow Zero-Day CVE-2025-48595

A critical integer overflow vulnerability in the Android Framework, identified as CVE-2025-48595, is being actively exploited in the wild to achieve unauthorized privilege escalation. Threat actors utilize this flaw to deploy "Landfall," a sophisticated commercial-grade spyware suite designed for clandestine surveillance and data exfiltration. By leveraging this zero-day alongside CVE-2025-48593, attackers can bypass security boundaries to gain system-level access and complete device control. This exploitation allows for the interception of sensitive personal and enterprise data, bypassing traditional network-level security controls. Google addressed these vulnerabilities in the June 2026 Android Security Bulletin.

WhatsApp Blocks NSO Group Pegasus Spyware Campaign

Meta has intercepted a targeted spear-phishing campaign by NSO Group aimed at deploying Pegasus spyware to WhatsApp users in Jordan and Lebanon. The attack utilizes sophisticated social engineering templates and malicious redirection URLs to bypass traditional security controls and achieve device compromise. This campaign directly violates a 2025 permanent federal injunction against NSO Group. In response, Meta is pursuing legal contempt motions to enforce judicial orders, moving beyond technical disruption to aggressive litigation to protect user privacy and platform integrity.


LINK COPIED TO CLIPBOARD