In a groundbreaking revelation that surprised absolutely no one, Samsung Galaxy Android devices welcomed an unexpected guest: the LANDFALL spyware. Thanks to a delightful out-of-bounds write flaw, the malware had the time of its life, living it up like it had an all-exclusive resort pass in the Middle East.

The newly discovered digital Airbnb loophole, CVE-2025-21042, received a stunning CVSS score of 8.8, which is coincidentally also the number of times Samsung’s marketing team has rebranded the same phone model. In a world where everything is smart, Samsung devices have just redefined the concept of smart home integration, by including remote attackers in their ecosystem.

Samsung has since patched the flaw, but not before LANDFALL had the opportunity to collect frequent flyer miles bouncing from one Galaxy to another. One can only admire malware’s ability to travel more freely than a human during a global pandemic. So, next time your phone runs out of battery suspiciously fast, just remember, it might be hosting more guests than you know.