Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Android Pixnapping side-channel flaw (CVE-2025-48561)

Vulnerability
First reported
Last updated
Happening score
H score 30
2 unique sources, 2 articles

Summary

Hide ▲

Pixnapping is a side-channel vulnerability in Android that lets a malicious app with no permissions steal pixels from apps and websites and reconstruct sensitive content. The attack has been shown against Google Pixel 6/7/8/9 and Samsung Galaxy S25 devices on Android 13 through 16, including Google Authenticator 2FA codes, Gmail emails, Signal messages, and Google Maps data, with 2FA codes recoverable in less than 30 seconds. Google tracks the issue as CVE-2025-48561 and tried to fix it in the September 2025 Android update, but researchers bypassed that mitigation; Google expects a more complete fix in the December 2025 Android security update.

Related Happenings

Google Cloud Platform API key revocation testing finds minutes-long post-deletion authentication

Technical Analysis
First: 21.05.2026 23:07 Last: 21.05.2026 23:07 Sources 1

About this happening: Testing showed **deleted Google Cloud Platform API keys** could still authenticate for **minutes after revocation**, creating a post-deletion abuse window that weakens **incident...

Open Happening

Android 17 expands platform security and privacy protections

Security Tool/Service
First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

Open Happening

BirdCall Android spyware variant

Malware Activity
First: 05.05.2026 12:04 Last: 05.05.2026 12:04 Sources 1

About this happening: The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...

Open Happening

EngageLab SDK intent redirection security flaw

Vulnerability
First: 09.04.2026 20:26 Last: 09.04.2026 20:26 Sources 1

About this happening: A **now-patched intent redirection vulnerability** in the **EngageLab SDK** could let **malicious apps** bypass the **Android security sandbox** and access private data in apps us...

Open Happening

SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases

Malware Activity
First: 03.04.2026 12:10 Last: 03.04.2026 12:10 Sources 1

About this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...

Open Happening

Timeline

  1. 14.10.2025 14:18 3 articles · 7mo ago

    Pixnapping Android side-channel flaw disclosed

    Initial Disclosure

    Researchers disclosed Pixnapping, a side-channel attack against Android devices from Google and Samsung that can steal 2FA codes, Google Maps timelines, and other sensitive data from victim apps such as Google Authenticator without special app permissions. The technique uses Android intents, semi-transparent activities, Android's window blur API, and a GPU side-channel to force victim pixels into the rendering pipeline and measure blur timing, and Google tracks the issue as CVE-2025-48561 with a CVSS score of 5.5. Google issued patches in the September 2025 Android Security Bulletin, but a workaround can re-enable exploitation and the related app-list bypass remains marked "won't fix."

    Show sources
    Open in new tab