AI-Powered Malware Emerges as Critical Zero-Click Flaw Hits Billions of Android Devices

Publication Date: November 6, 2025

Summary

This cybersecurity brief for November 6, 2025, covers a landmark shift in the threat landscape with Google's discovery of AI-powered malware like PROMPTFLUX, which uses LLMs to mutate its own code. Concurrently, a critical zero-click RCE vulnerability (CVE-2025-48593) was disclosed for Android versions 13-16, posing a severe risk to billions of users. Other major incidents include the Qilin ransomware gang's claimed breach of Habib Bank AG Zurich, a cyberattack on the U.S. Congressional Budget Office, and a supply chain attack by Cl0p impacting The Washington Post via an Oracle zero-day.

Today's New Articles

U.S. Congressional Budget Office Breached by Suspected Foreign Actor

The U.S. Congressional Budget Office (CBO), the nonpartisan agency that provides economic analysis to Congress, confirmed on November 6, 2025, that it suffered a significant cybersecurity breach. The attack is suspected to be the work of a foreign government,...


Cisco Warns of New DoS Attacks Actively Exploiting Firewall Flaws

Cisco has issued an urgent warning about a new attack variant actively targeting its Secure Firewall products. Threat actors are chaining two previously disclosed vulnerabilities, CVE-2025-20333 and CVE-2025-20362, to cause a denial-of-service (DoS) condition...


Critical SQL Injection Flaw in Django Framework Puts Web Apps at Risk

The Django project has released urgent security updates to patch a critical SQL injection vulnerability, CVE-2025-64459, rated 9.1 on the CVSS scale. The flaw affects Django versions 4.2, 5.1, 5.2, and the 6.0 beta. It allows an attacker to manipulate database...


Washington Post Confirms Breach in Cl0p's Oracle Supply Chain Attack

The Washington Post confirmed on November 6, 2025, that it was a victim of the widespread supply chain attack orchestrated by the Cl0p ransomware gang. The attack exploited a zero-day vulnerability in Oracle's E-Business Suite (EBS), a widely used enterprise s...


Zscaler: 239 Malicious Apps on Google Play Downloaded 42 Million Times

A new report from Zscaler's ThreatLabz, published November 5, 2025, reveals a dramatic 67% year-over-year increase in Android malware. Researchers identified 239 malicious applications that successfully bypassed Google Play Store security, amassing a collectiv...


Hackers Hijack Logistics Systems to Orchestrate Physical Cargo Heists

A new and growing form of hybrid crime is targeting the supply chain, where cybercriminals infiltrate freight and logistics companies to facilitate physical cargo theft. According to recent reports, threat actors compromise carrier systems, often using legitim...

Article Updates

CISA Adds Actively Exploited Gladinet and CWP Flaws to KEV Catalog

Update: Further analysis of CVE-2025-48703 in Control Web Panel reveals specific exploitation details. The OS command injection occurs in the file manager's `changePerm` endpoint via the `t_total` parameter. An authentication bypass is possible by knowing a valid non-...