Android Zero-Click Shell, Apache RCE, Ivanti 0-Day, and Chrome 148 Patch Roundup

A wave of critical vulnerabilities and active attack campaigns demands immediate patching across Android, Apache, Chrome, Linux, and enterprise platforms.

CSBadmin

A critical zero-click vulnerability in Android allows attackers to gain remote shell access without any user interaction. Separately, a severe Apache HTTP Server flaw exposes millions of servers to remote code execution, and a new Ivanti EPMM 0-day is being actively exploited in the wild. On the defensive front, Google Chrome 148 patches 127 security issues, including three critical vulnerabilities.

Android Zero-Click and Apache RCE Vulnerabilities

The Android zero-click flaw grants attackers a remote shell with no user action required, making it particularly dangerous for mobile users. Meanwhile, the Apache HTTP Server vulnerability affects millions of servers worldwide, enabling attackers to execute arbitrary code remotely. The Ivanti EPMM 0-day is already under active exploitation, requiring immediate patching for organizations using the mobile device management platform.

Chrome 148 and Linux Privilege Escalation Fixes

Google Chrome 148 addresses 127 security flaws, three of which are rated critical and could allow arbitrary code execution in the browser. On Linux, the “Dirty Frag” vulnerability allows local attackers to gain root privileges on most distributions by exploiting fragmentation handling in the kernel. Users are urged to update both Chrome and their Linux kernels immediately to mitigate these risks.

Emerging Threats and Attack Campaigns

A new infostealer campaign leverages GitHub Releases for payload hosting and evasion, while the PamDOORa backdoor targets Linux systems to steal SSH credentials. The PCPJack worm is actively targeting Docker, Kubernetes, Redis, and MongoDB environments for credential theft. Additionally, hackers are abusing a signed Logitech installer to deploy the TCLBANKER banking Trojan, and a separate campaign uses fake OpenClaw installers to steal crypto wallet and password manager credentials. On the AI front, attackers have used Claude AI to target water and drainage utility systems, and the DarkMoon platform offers an AI-powered autonomous penetration testing tool with over 50 integrated capabilities.

Source: Cyber Security News
