Kinetic Potential Blog

Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.

The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.

"Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code," Samsung said in an advisory. "The patch fixed the incorrect implementation."

According to a 2020 report from Google Project Zero, libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft that implements support for various image formats.

The critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025.

US Senator Ron Wyden, D-Ore., on Wednesday sent a letter to the Federal Trade Commission (FTC), urging it to investigate Microsoft’s cybersecurity practices and hold it accountable for gross negligence.

Microsoft’s security lapses, the senator says, have led to ransomware attacks on critical infrastructure organizations, including healthcare entities, putting patient care at risk, and threatening national security.

In his letter (PDF) to FTC Chairman Andrew Ferguson, senator Wyden argues that Windows, the widely used operating system that Microsoft has monopoly over, is “incredibly vulnerable to ransomware infections” in its default configuration.

According to the letter, Microsoft has made “dangerous software engineering decisions” that were largely hidden from corporate and government customers. These lapses could lead to an organization-wide ransomware infection if a single individual clicks on a malicious link.

US Senator Ron Wyden, D-Ore., on Wednesday sent a letter to the Federal Trade Commission (FTC), urging it to investigate Microsoft’s cybersecurity practices and hold it accountable for gross negligence.

Microsoft’s security lapses, the senator says, have led to ransomware attacks on critical infrastructure organizations, including healthcare entities, putting patient care at risk, and threatening national security.

In his letter (PDF) to FTC Chairman Andrew Ferguson, senator Wyden argues that Windows, the widely used operating system that Microsoft has monopoly over, is “incredibly vulnerable to ransomware infections” in its default configuration.

According to the letter, Microsoft has made “dangerous software engineering decisions” that were largely hidden from corporate and government customers. These lapses could lead to an organization-wide ransomware infection if a single individual clicks on a malicious link.