🚨 Critical Samsung Zero-Day Alert: CVE-2025-21042 Enables Device Takeover via Malicious Images
Federal government warns of spyware aimed at some Samsung Galaxy devices - update your software now!
Samsung Galaxy devices face critical exploitation through CVE-2025-21042, a zero-day vulnerability enabling complete device takeover. CISA added this flaw to its Known Exploited Vulnerabilities catalog on November 10, 2025. Threat actors deployed LANDFALL spyware via malicious DNG image files sent through WhatsApp, requiring zero user interaction. This out-of-bounds write vulnerability in Samsung's image processing library allows remote code execution, data theft, and surveillance. Affected models include the Galaxy S22, S23, and S24 series, Z Fold4, and Z Flip4. Samsung patched the flaw in April 2025, but exploitation occurred for months prior. Federal agencies must remediate by December 1, 2025.
‼️Action Required‼️: Update devices immediately and scrutinize unsolicited image files!

