DigitalCook Qatar

⚠️ New Android firmware‑level backdoor discovered: Keenadu

Security researchers have uncovered a sophisticated Android backdoor called Keenadu that goes beyond traditional app malware — it’s embedded directly into device firmware and loaded into every app that runs on the affected system.

📱 Key points:
• Firmware‑level infection: Keenadu was inserted during the firmware build process, meaning it’s present on devices from the moment they’re used.
• System‑wide impact: By hooking into Android’s core process, the backdoor can run modules across all apps, bypassing usual sandbox protections.
• Multiple delivery vectors: Variants have been found in system components and even in apps distributed on official and third‑party stores.
• Modular capabilities: Modules can hijack browser behaviour, interact with ads, install additional payloads and potentially exfiltrate data.
• Broad footprint: Tens of thousands of devices worldwide show signs of exposure.

🔒 What this means for organisations and users:
This threat highlights why firmware integrity, supply‑chain security and strong mobile threat detection are critical components of a modern security strategy — especially as mobile devices continue to be core endpoints in business environments.

A critical vulnerability in Microsoft’s Semantic Kernel has been identified, with a maximum severity score of CVSS 10.0.

The flaw (CVE-2026-25592) allows attackers to overwrite files on affected systems, potentially leading to severe security breaches, including system compromise or data manipulation. This vulnerability highlights the growing security risks associated with AI frameworks as they become more integrated into enterprise environments.

Why this matters:

AI orchestration tools are becoming part of production infrastructure

A single vulnerability can impact application integrity and data security

AI security must now be treated as a core component of cybersecurity strategy

As organisations accelerate AI adoption, securing AI pipelines and frameworks is no longer optional — it’s essential.

Proactive patching, continuous monitoring, and secure configuration are key to reducing exposure and maintaining trust in AI-driven systems.