‘Landfall’ spyware abused Samsung zero‑day (CVE‑2025‑21042) to hack Galaxy phones for months — patched in April: What happened and how to stay safe
Published: November 7, 2025 Security researchers have uncovered a previously unknown, commercial‑grade Android spyware operation—dubbed Landfall—that exploited a zero‑day flaw in Samsung Galaxy phones and ran largely undetected for close to a year, with targets concentrated in parts of the Middle East. Samsung fixed the underlying vulnerability in an April 2025 firmware update, but the campaign and its methods are only now coming to light. TechCrunch+1 What is “Landfall” and how did the hack work? According to Palo Alto Networks’ Unit 42—whose research underpins today’s coverage—Landfall delivered spyware via malicious image files that abused CVE‑2025‑21042, an out‑of‑bounds write bug in