Phone chipmaker Qualcomm fixes three zero-days exploited by hackers
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns.
Qualcomm cited Google's Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws 'may be under limited, targeted exploitation.'
According to the company's bulletin, Google's Android security team reported the three zero-days (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) to Qualcomm in February. Zero-days are security vulnerabilities that are not known to the software or hardware maker at the time of their discovery, making them extremely valuable for cybercriminals and government hackers.
Because of Android's open source and distributed nature, it's now up to device manufacturers to apply the patches provided by Qualcomm, which means some devices may still be vulnerable for several more weeks, despite the fact that there are patches available.
Contact Us Do you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero-day makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or
Do you have more information about these Qualcomm zero-days? Or other zero-day exploits or zero-day makers? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email .
Qualcomm said in the bulletin that the patches 'have been made available to [device makers] in May together with a strong recommendation to deploy the update on affected devices as soon as possible.'
Google spokesperson Ed Fernandez told TechCrunch that the company's Pixel devices are not affected by these Qualcomm vulnerabilities.
When reached by TechCrunch, a spokesperson for Google's TAG did not immediately provide more information about these vulnerabilities, and the circumstances in which TAG found them.
Qualcomm did not respond to a request for comment.
Chipsets found in mobile devices are frequent targets for hackers and zero-day exploit developers because chips generally have wide access to the rest of the operating system, which means hackers can jump from there to other parts of the device that may hold sensitive data.
In the last few months, there have been documented cases of exploitation against Qualcomm chipsets. Last year, Amnesty International identified a Qualcomm zero-day that was being used by Serbian authorities, likely by using phone unlocking tool maker Cellebrite.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNN
16 minutes ago
- CNN
UnitedHealthcare accused The Guardian of looking to ‘capitalize' on CEO's murder in lawsuit
UnitedHealthcare sued The Guardian and its parent on Wednesday for defamation, claiming the US version of the British daily newspaper ran information it knew to be incorrect in order to 'capitalize' on the assassination of the medical insurer's CEO. The article in question was produced and published by The Guardian's US investigations team as part of a series titled 'Too Big to Care' and was available worldwide at publication. In the article, George Joseph, an investigative reporter for The Guardian's US publication, wrote that UnitedHealth Group, UnitedHealthcare's parent, had engaged in cost-cutting tactics by paying off nurses to cut down on hospital transfers. Citing internal emails, documents and interviews with more than 20 current and former staffers, the report claimed that the payments were made 'as part of a UnitedHealth program.' Nursing home residents in need of 'immediate hospital care under the program failed to receive it' because of 'interventions from UnitedHealth staffers,' per the report. The lawsuit from UnitedHealth Group, United Healthcare Services and Optum, the group's health services segment, filed in Delaware's Superior Court, accused The Guardian of publishing 'knowingly false claims' in the story, alleging it used 'deceptively doctored documents' and 'patently untruthful anecdotes' to produce the article. 'The Guardian knew these accusations were false, but published them anyway, brazenly trying to capitalize on the tragic and shocking assassination of UnitedHealthcare's then-CEO, Brian Thompson,' the lawsuit alleged. The Guardian is strongly pushing back against UnitedHealthcare's lawsuit, emphasizing in a statement that it will defend Joseph's reporting. 'The Guardian stands by its deeply-sourced, independent reporting, which is based on thousands of corporate and patient records, publicly filed lawsuits, declarations submitted to federal and state agencies, and interviews with more than 20 current and former UnitedHealth employees — as well as statements and information provided by UnitedHealth itself over several weeks,' The Guardian said in a statement. 'It's outrageous that in response to factual reporting on the practice of secretly paying nursing homes to reduce hospitalizations for vulnerable patients, UnitedHealth is resorting to wildly misleading claims and intimidation tactics via the courts,' the publication said. The health care giant's accusations echo a statement published by UnitedHealth Group the same day The Guardian released its investigation. In the statement, the company accused the publication of building a 'narrative' using 'anecdotes rather than facts.' The company noted that the Justice Department had investigated the allegations, interviewed witnesses, and combed through thousands of documents, only to find 'the significant factual inaccuracies in the allegations.' A UnitedHealth Group spokesperson told CNN that The Guardian 'refused to engage with the truth and chose instead to print its predetermined narrative.' 'The Guardian knowingly published false and misleading claims about our Institutional Special Needs Program, forcing us to take action to protect the clinician-patient relationship that is crucial for delivering high-quality care,' the company said in a statement. However, despite the claim, a spokesperson for The Guardian told CNN that it has 'received no requests for correction or retraction on any aspect of the story.' UnitedHealthcare is being represented by Clare Locke, a law firm known for taking on defamation cases against media organizations. The firm has also represented Project Veritas; and one of its partners, Jered Ede, who is working on the UnitedHealthcare lawsuit, was also Project Veritas's chief legal officer.
Fox News
16 minutes ago
- Fox News
Hooters abruptly closes restaurants in multiple states amid bankruptcy restructuring: 'Never easy'
Hooters has closed more than 30 of its restaurants in multiple states this week, according to reports. The Atlanta-based Hooters of America locations that closed were corporately owned. "Hooters will be well-positioned to continue our iconic legacy under a pure franchise business model," the company told USA Today in a statement. "We are committed to supporting our impacted team members throughout this process and are incredibly grateful to our valued customers for their loyalty and dedication to the Hooters brand." Hooters of America recently filed for Chapter 11 bankruptcy as part of an effort to enable a founder-led buyout and restructuring of the popular restaurant chain. Fox News Digital reached out to Hooters of America for a list of the locations that closed. USA Today reported that restaurants in at least 10 states have shut down, including in Florida and Texas. Neil Kiefer, CEO of Hooters Inc., the Clearwater, Florida-based company that founded the Hooters concept in 1983, told Fox News Digital in April that his group plans to "clean these stores up" and "change the culture." Closing certain underperforming locations was always part of the plan, according to a news release from Hooters Inc. Hooters Inc. owns and operates 22 Hooters restaurants in Florida and Illinois, with two more locations slated to open in Florida later this year. Along with another existing franchisee, the Hooters buyer group collectively controls over 30% of the domestic locations, including 14 of the 30 highest-volume restaurants, according to a March 31 news release announcing the restructuring plan. Once the restructuring has been approved by a bankruptcy court, the buyer group anticipates operating about 130 Hooters restaurants – roughly 65% of the domestic Hooters locations. "We are confident that the acquisition will be finalized later this summer and we are excited to move forward into the next chapter of the Hooters brand," Kiefer told Fox News Digital. "Decisions about store closures are never easy to make, but all parties are completely aligned in bringing the necessary resources required to make the remaining 200 domestic Hooters locations as successful as possible."
CBS News
19 minutes ago
- CBS News
Vallejo police make arrest in deadly triple shooting at homeless encampment
A man suspected in a triple shooting that killed two people at a homeless encampment in Vallejo over Memorial Day weekend was arrested in San Francisco, police said. With the help of U.S. Marshals, police arrested 45-year-old Eddie Charles Sample during an operation Wednesday at a location on Cravath Street on Treasure Island. Sample was taken into custody without incident. Police said Sample is connected to a shooting that took place at an encampment near Sacramento Street and Daniels Avenue on May 26. According to officers, three adult males were found with gunshot wounds around 5:30 p.m. Officers rendered medical aid to the victims until medical personnel arrived. Two of the victims were pronounced dead at the scene, while the third victim was taken to a hospital with a life-threatening injury. Police did not release the identities of the victims. Following the shooting, investigators identified Sample as the suspect. On May 30, detectives obtained an arrest warrant and requested assistance from the U.S. Marshals Service in locating him, citing public safety concerns. "The Vallejo Police Department will continue to direct every available resource toward holding violent offenders accountable and protecting our community. I want to thank the U.S. Marshals Service and our officers for their coordinated efforts and swift action in safely apprehending the suspect responsible for this senseless act of violence," Chief Jason Ta said in a statement Thursday morning. Sample was booked into the Solano County Jail on suspicion of murder. Jail records show he is being held without bail, with a court appearance scheduled for Friday afternoon. Anyone with additional information about the case is asked to contact Detective William Carpenter or Detective Wesley Pittman over email or by calling 707-651-7146 for Carpenter or 707-334-1274 for Pittman. Tips can be given anonymously by calling 1-800-488-9383.
