CVE-2025-48606

CVE-2025-48606 is a logic-error-based vulnerability in Android’s InstallPackageHelper.java (preparePackage) that can cause an app to appear hidden at install, without an uninstall mechanism, enabling local privilege escalation with no extra execution privileges and no user interaction. It is docu...

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for...