Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Samsung image processing library zero-day RCE (CVE-2025-21042)

Vulnerability
First reported
Last updated
Happening score
H score 63
4 unique sources, 5 articles

Summary

Hide ▲

CVE-2025-21042 is a Samsung image processing library flaw that was exploited as a zero-day to deliver LANDFALL spyware and achieve remote code execution on affected Samsung Galaxy devices before Samsung’s April patch. The exploitation path involved a specially crafted DNG image delivered through WhatsApp, and CISA later cited the campaign as part of a broader wave of attacks against mobile messaging apps and high-value users. The same vulnerability thread is now also linked to a Samsung campaign targeting Galaxy devices in the Middle East.

Cases

Samsung image library flaw used to deliver LANDFALL spyware (5)

Related Happenings

SilentGlass launch as a monitor-connection protection security device

Security Tool/Service
First: 22.04.2026 18:00 Last: 22.04.2026 18:00 Sources 1

About this happening: The **UK National Cyber Security Centre** has released **SilentGlass**, a plug-and-play device that blocks unexpected or malicious signals between **HDMI** or **display port** con...

Open Happening

SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases

Malware Activity
First: 03.04.2026 12:10 Last: 03.04.2026 12:10 Sources 1

About this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...

Open Happening

NoVoice Android malware hidden in Google Play apps

Malware Activity
First: 01.04.2026 21:07 Last: 01.04.2026 21:07 Sources 1

About this happening: **NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...

Open Happening

Operation Triangulation updated iPhone espionage campaign

Campaign
First: 26.03.2026 15:10 Last: 26.03.2026 15:10 Sources 1

About this happening: The **Operation Triangulation** espionage lineage has resurfaced through **Coruna**, extending **zero-click iPhone** targeting to newer **A17** and **M3** devices and **iOS 17.2**...

Open Happening

Coruna iOS exploit analysis ties updated Triangulation kernel exploit lineage

Technical Analysis
First: 26.03.2026 15:10 Last: 26.03.2026 15:10 Sources 1

About this happening: **Coruna** has been linked to an **updated** exploit lineage from **Operation Triangulation**, showing that a long-running iPhone attack framework continues to evolve and can stil...

Open Happening

Timeline

  1. 07.11.2025 20:00 3 articles · 6mo ago

    LANDFALL DNG samples appear by July 23, 2024

    Exploitation Observed

    Malicious DNG image artifacts associated with LANDFALL are dated to July 23, 2024, establishing an early sample date for the spyware payloads and exploit material tied to Samsung Galaxy Android devices.

    Show sources
    Open in new tab
  2. 07.11.2025 20:00 3 articles · 6mo ago

    LANDFALL DNG samples appear by July 23, 2024

    Exploitation Observed

    Malicious DNG image artifacts associated with LANDFALL are dated to July 23, 2024, establishing an early sample date for the spyware payloads and exploit material tied to Samsung Galaxy Android devices.

    Show sources
    Open in new tab
  3. 07.11.2025 17:29 4 articles · 6mo ago

    Palo Alto Networks discloses Landfall spyware on Samsung Galaxy phones

    Initial Disclosure

    Palo Alto Networks identified Landfall as an Android spyware campaign that exploited CVE-2025-21042 in a Samsung image processing library to achieve remote code execution, likely by delivering a specially crafted DNG image through WhatsApp in a zero-click exploit. The campaign targeted Samsung Galaxy S22, S23, S24, Z Fold4, and Z Flip4 phones, with Palo Alto Networks tracking the threat actor as CL-UNK-1054 and noting malicious DNG samples tied to individuals in Iran, Iraq, Turkey, and Morocco.

    Show sources
    Open in new tab
  4. 07.11.2025 17:29 4 articles · 6mo ago

    Palo Alto Networks discloses Landfall spyware on Samsung Galaxy phones

    Initial Disclosure

    Palo Alto Networks identified Landfall as an Android spyware campaign that exploited CVE-2025-21042 in a Samsung image processing library to achieve remote code execution, likely by delivering a specially crafted DNG image through WhatsApp in a zero-click exploit. The campaign targeted Samsung Galaxy S22, S23, S24, Z Fold4, and Z Flip4 phones, with Palo Alto Networks tracking the threat actor as CL-UNK-1054 and noting malicious DNG samples tied to individuals in Iran, Iraq, Turkey, and Morocco.

    Show sources
    Open in new tab
  5. 07.11.2025 17:29 4 articles · 6mo ago

    Palo Alto Networks discloses Landfall spyware on Samsung Galaxy phones

    Initial Disclosure

    Palo Alto Networks identified Landfall as an Android spyware campaign that exploited CVE-2025-21042 in a Samsung image processing library to achieve remote code execution, likely by delivering a specially crafted DNG image through WhatsApp in a zero-click exploit. The campaign targeted Samsung Galaxy S22, S23, S24, Z Fold4, and Z Flip4 phones, with Palo Alto Networks tracking the threat actor as CL-UNK-1054 and noting malicious DNG samples tied to individuals in Iran, Iraq, Turkey, and Morocco.

    Show sources
    Open in new tab