New ‘Landfall’ spyware exploited a Samsung 0-day delivered through WhatsApp messages

LANDFALL — a commercial-grade Android spyware exploiting a now-patched Samsung zero-day (CVE-2025-21042) through weaponized DNG images sent via WhatsApp, enabling zero-click compromise of Samsung Galaxy devices. This isn’t an isolated incident. LANDFALL is part of a larger DNG exploitation wave. Within months, attackers weaponized image parsing vulnerabilities across Samsung (CVE-2025-21042, CVE-2025-21043) and Apple (CVE-2025-43300 chained with WhatsApp CVE-2025-55177 for delivery) It seems like DNG image processing libraries became a new attack vector of choice – suspiciously consistent across campaigns. Samsung had two zero-days in the same library, while a parallel campaign hit iOS – all exploiting the same file format. Should we expect more? submitted by /u/Megabeets [link] [comments]Technical Information Security Content & DiscussionRead More