CVE-2025-48595 in the Android Framework enables privilege escalation already being exploited on devices running Android 14 or newer and is being actively weaponized by commercial spyware and state-sponsored actors against journalists and decision-makers.
The time window between vulnerability disclosure and patch deployment becomes a critical security gap due to AI-accelerated exploitation and patch implementation challenges — approximately one-third of ransomware incidents could have been prevented through patching.
Anthropic’s AI project Glasswing enables manufacturers to systematically identify and fix multiple times the usual number of security vulnerabilities per update.
Authentication flaw in Palo Alto GlobalProtect is being actively exploited; attackers can bypass VPN protection and infiltrate corporate networks, making immediate security patching essential.