LANDFALL Spyware Targets Samsung Devices via CVE-2025-21042 Exploit
Wednesday, November 12, 2025
Top 5 Cybersecurity Stories You Should Know
LANDFALL Spyware Targets Samsung Devices via CVE-2025-21042 Exploit — tl;dr: Unit 42 has identified LANDFALL, a new commercial-grade Android spyware targeting Samsung Galaxy devices, exploiting the zero-day vulnerability CVE-2025-21042 in Samsung's image processing library. Delivered through malformed DNG image files via WhatsApp, this spyware enables comprehensive surveillance, including microphone recording and location tracking. Active since mid-2024, LANDFALL remained undetected until its discovery in 2025. Samsung has since patched the vulnerability, mitigating ongoing risks. Users are advised to ensure their devices are updated and remain vigilant against suspicious messages.
↪ https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
October 2025 CVE Landscape: 32 High-Impact Vulnerabilities Identified — tl;dr: In October 2025, Recorded Future's Insikt Group reported 32 high-impact vulnerabilities, a significant rise from September's 16. Notably, Microsoft accounted for eight of these vulnerabilities, while CVE-2025-61882, exploited by the CL0P ransomware group, allowed unauthenticated remote code execution in Oracle E-Business Suite. This highlights the ongoing risk posed by legacy systems and unpatched applications, with five of the identified RCE vulnerabilities being over a decade old. Organizations are urged to prioritize immediate remediation of these vulnerabilities to mitigate potential exploitation and data breaches.
↪ https://malware.news/t/october-2025-cve-landscape/101401
November 2025 Security Update: Adobe & Microsoft Address Multiple CVEs — tl;dr: In November 2025, Adobe and Microsoft released critical security updates addressing numerous vulnerabilities. Adobe patched 29 CVEs across products including InDesign and Photoshop, with no known active exploits. Microsoft issued updates for 63 CVEs, including a critical Windows Kernel vulnerability (CVE-2025-62215) under active attack, and several remote code execution vulnerabilities in Microsoft Office and Visual Studio Code. Users are advised to prioritize patching the critical vulnerabilities, especially those related to active exploits, and to consider disabling the Preview Pane in Office to mitigate potential risks.
↪ https://www.zerodayinitiative.com/blog/2025/11/11/the-november-2025-security-update-review
Palo Alto Networks Warns of Exploited Firewall Vulnerabilities CVE-2025-0108 and CVE-2025-0111 — tl;dr: Palo Alto Networks has identified active exploitation of three vulnerabilities in PAN-OS, specifically CVE-2025-0108, CVE-2025-0111, and CVE-2024-9474. The flaws allow unauthorized access and privilege escalation on unpatched firewalls. Despite patches released on February 12, 2025, many devices remain vulnerable, with a significant number of exposed management interfaces still unprotected. Organizations are urged to immediately patch these vulnerabilities or secure their management interfaces to prevent potential system compromises. The U.S. CISA has added CVE-2025-0108 to its 'Known Exploited Vulnerabilities' catalog, emphasizing the urgency of remediation.
↪ https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
Workday Confirms Data Breach; Speed Cameras in Netherlands Disabled by Cyber Attack — tl;dr: Workday, a leading HR technology provider, has confirmed a data breach affecting personal information from a third-party database, raising concerns about potential social engineering scams. Meanwhile, speed cameras in the Netherlands were disabled due to a cyber attack, prompting investigations into the security of such systems. Other incidents include a ransomware attack on Inotiv, exposing 162,000 files, and a significant breach at Allianz Life affecting 1.1 million customers. Organizations are advised to enhance their cybersecurity measures and stay vigilant against potential phishing attempts following these incidents.
↪ https://infosec-mashup.santolaria.net/p/infosec-mashup-34-2025