security bulletin

BetaBeacon
December 3, 2025
- Google has introduced new screen customizations for Pixel phones in Android 16 QPR2.
- Users can now customize app icons with new shape options on the home screen.
- Pixel phone users can place widgets on the lock screen by swiping left, with limited options compared to the home screen.
- Other lock screen changes include a new low-light mode for the screen saver and fingerprint scanning on the switched-off display.
- Users can now disable or reduce blur effects in background elements, adjust HDR intensity, and schedule expanded dark mode.
- The update also adds a more flexible split-screen layout, AI-powered notifications, and strengthened parental controls.
- Android 16 QPR2 includes the December security patch to fix vulnerabilities and protect against threats.
Winsage
November 12, 2025
Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows:
- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.
AppWizard
October 14, 2025
A new class of Android attacks called Pixnapping allows installed applications to monitor the content displayed by other apps without requesting permissions. This attack can capture sensitive information, including Gmail previews, Google Maps timelines, and two-factor authentication codes, by exploiting Android’s rendering APIs and a hardware side channel. Pixnapping operates by manipulating Android intents to funnel pixels from a target app into the system's rendering pipeline, using timing variations from GPU compression to recover text. The attack has been demonstrated on various devices, including Google Pixel models 6 through 9 and the Samsung Galaxy S25. In February 2025, the vulnerability was disclosed to Google, which assigned it CVE-2025-48561 and classified it as high risk. A patch was released in September, but a workaround was found, leading to ongoing collaboration with Google and Samsung for further fixes. Users are advised to maintain good app hygiene, avoid unknown APKs, and promptly install security updates. The researchers have not yet developed a universal mitigation app and advocate for platform-level fixes to address the vulnerabilities.
AppWizard
October 14, 2025
Recent findings reveal a vulnerability in Android devices from Google and Samsung that allows a sophisticated side-channel attack known as Pixnapping, enabling malicious actors to extract sensitive information such as two-factor authentication (2FA) codes and Google Maps timelines without user awareness. Pixnapping is a pixel-stealing framework that targets Android devices, circumventing browser protections and accessing data from non-browser applications like Google Authenticator. The attack exploits Android APIs and a hardware side-channel, allowing a malicious app to capture 2FA codes quickly. The study focused on devices running Android versions 13 to 16, with uncertainty regarding vulnerabilities in devices from other manufacturers. The attack can be executed by any Android app without special permissions, relying on user installation of the malicious app. It combines a previously disclosed vulnerability (GPU.zip) with Android's window blur API to leak rendering data. The attack manipulates the rendering pipeline to steal pixels from target apps. Three critical factors contribute to Android's susceptibility: the ability to send another app's activities to the rendering pipeline via intents, induce graphical operations on another app's pixels, and measure pixel color-dependent side effects from these operations. Google is tracking this issue as CVE-2025-48561, with a CVSS score of 5.5. Patches were released in the September 2025 Android Security Bulletin, but a workaround may re-enable Pixnapping. The vulnerability also allows attackers to determine installed applications on a device, bypassing restrictions from Android 11. Google has categorized this app list bypass as "won't fix."
AppWizard
October 14, 2025
In early 2023, a Korean developer launched the "Pixel IMS" app, enabling VoLTE and VoWiFi on unsupported carriers for Pixel users. A recent Google update in October 2025 disrupted this functionality by closing a loophole that allowed the app to access the overrideConfig API, resulting in the app crashing when users tried to toggle these features. The overrideConfig API is restricted to apps with the MODIFY_PHONE_STATE permission, typically reserved for privileged system applications. The Pixel IMS app had previously used Shizuku, an open-source tool, to gain elevated privileges and access the API. Google reclassified the loophole as a high-severity privilege escalation vulnerability but did not include it in the latest security bulletin. The update added a check to the overrideConfig API, blocking access from the shell user. In response, the developer created a workaround that indirectly calls the API through an Instrumentation component, circumventing the restriction. However, this workaround is vulnerable to future patches from Google, which could remove the necessary permissions from the shell app.
AppWizard
October 13, 2025
Security researchers have identified a 12-year-old data-stealing attack known as Pixnapping, which targets web browsers to extract sensitive information from Android devices. This attack allows a rogue Android application to access and leak information from various apps, including Google Maps, Signal, and Venmo, as well as websites like Gmail, and can capture two-factor authentication codes from Google Authenticator. The attack utilizes a hardware side channel to access screen display pixels, employing techniques inspired by earlier research on timing attacks. A collaborative team from institutions like UC Berkeley and Carnegie Mellon University developed the modern iteration of Pixnapping, which will be presented at the 32nd ACM Conference on Computer and Communications Security. The Pixnapping framework enables a malicious app to push pixels into the rendering pipeline and read them by overlaying semi-transparent Android Activities. The attack systematically measures rendering times to infer pixel colors, allowing for the recovery of data through optical character recognition. Researchers successfully demonstrated Pixnapping on Android versions 13 to 16 across devices like the Google Pixel series and Samsung Galaxy S25. The attack does not require special permissions and exploits how the Mali GPU implements data compression, resulting in data-dependent rendering times. Pixnapping leaks only 0.6 to 2.1 pixels per second, which is still sufficient to recover Google Authenticator codes. Google has issued a patch for the underlying vulnerability tracked as CVE-2025-48561, with another patch planned for December, although there has been no evidence of exploitation in the wild. Despite attempts to mitigate Pixnapping, researchers have identified a workaround and suggest limiting an attacker's ability to compute on victim pixels as an effective strategy. 
They also discovered methods for attackers to identify all installed apps on a device, a capability restricted since Android 11 for privacy reasons, with Google indicating that fixing this issue may not be feasible.
BetaBeacon
October 7, 2025
A security bug in Unity, identified as CVE-2025-59489, affects the Runtime component and allows insecure loading and local file inclusion, potentially leading to code execution and information disclosure. Developers have prepared patches for supported versions, while Valve and Microsoft have released updates to prevent exploitation of the vulnerability. Popular games affected include Hearthstone, The Elder Scrolls: Blades, and DOOM (2019).
Winsage
June 12, 2025
A critical security vulnerability, designated as CVE-2025-33067, has been identified in the Windows Task Scheduler, allowing attackers to escalate privileges to SYSTEM level access without prior administrative rights. This vulnerability is rated as "Important" with a CVSS score of 8.4 and is due to improper privilege management within the Windows Kernel’s task scheduling component. It affects multiple Windows versions, including Windows 10 (Versions 1607, 1809, 21H2, 22H2), Windows 11 (22H2, 23H2, 24H2), and Windows Server 2016-2025. Microsoft released security updates on June 10, 2025, to address this flaw across 27 different Windows configurations. The vulnerability requires local system access, no prior privileges, and no user interaction, making it particularly dangerous. Security researcher Alexander Pudwill discovered and disclosed the vulnerability.
AppWizard
April 19, 2025
A vulnerability known as “Dirty Stream” was discovered by Microsoft, allowing malicious applications to hijack trusted apps on high-end Android devices. Although the flaw has been patched, any data accessed before the patch remains vulnerable. The vulnerability exploited the ContentProvider system in Android, enabling harmful apps to send deceptive files that could overwrite critical data in secure storage. Microsoft noted that this could lead to arbitrary code execution, giving attackers full control over applications and access to sensitive user data. Several popular Android apps were found to be vulnerable, with over four billion installations affected. It is crucial to promptly install security updates and maintain app vigilance to protect personal data.
AppWizard
March 25, 2025
The National Security Agency (NSA) issued an operational security bulletin in February 2025, warning employees about vulnerabilities in the encrypted messaging application Signal. This alert followed an incident where Defense Secretary Pete Hegseth accidentally shared sensitive war plans in a Signal chat shortly before U.S. military operations in Yemen. The bulletin labeled Signal as a high-value target for interception and highlighted the sophistication of Russian hacking groups using phishing tactics to breach encrypted conversations. NSA personnel were instructed not to share sensitive information via third-party messaging applications and to avoid connections with unknown individuals. National Intelligence Director Tulsi Gabbard and CIA Director John Ratcliffe testified before a Senate panel, affirming that no classified information was exchanged in the chat, but the NSA emphasized that even unclassified information should not be shared on Signal. Ratcliffe defended Signal as an approved communication tool, while both officials denied knowledge of operational details related to the military strike.