Protect.Computer
NEWS

Android patches Qualcomm zero-day exploited in attacks

· 0 min read · Data hijack
Android patches Qualcomm zero-day exploited in attacks

Photo by BleepingComputer on BleepingComputer

What happened

Google released March Android security updates addressing 129 vulnerabilities, including an actively exploited zero-day affecting a Qualcomm graphics/display-related component used in Android devices.

Why this matters

  • Active exploitation means attackers are already using this bug in real-world campaigns.
  • Android fragmentation can delay patch adoption across vendors and carriers.
  • High-severity memory corruption flaws can enable privilege escalation, data access, or device compromise.

What users and admins should do

  1. Install the latest Android security update immediately on supported devices.
  2. Prioritize patching high-risk populations first (executives, journalists, admins, and users handling sensitive data).
  3. Verify enterprise mobile management baselines enforce minimum patch levels.
  4. Retire or isolate devices that are no longer receiving vendor updates.

Bottom line

This is a patch-now event. If a device has not received March updates yet, treat it as elevated risk until patched or replaced.

Related reading

News
Critical Microsoft SharePoint RCE (CVE-2026-20963) is now actively exploited

CISA added CVE-2026-20963 to KEV after active exploitation, with attackers targeting on-prem SharePoint servers vulnerable to unauthenticated remote code execution.

News
Drift Protocol suspends withdrawals after Security Council takeover drains hundreds of millions

Drift says it is handling an active security incident after attackers seized administrative control and drained an estimated $280M+, freezing key protocol functions.

News
Google Drive ransomware detection is now generally available for Workspace tiers

Google says Drive ransomware detection is now GA with a newer model that detects more infections and pauses sync when suspicious encryption is detected.

News
Attackers abuse .arpa and IPv6 reverse DNS to evade phishing detection

Infoblox reports phishing actors abusing ip6.arpa reverse DNS and IPv6 tunnel allocations to bypass domain-reputation controls and deliver short-lived phishing chains.