Security researchers from Palo Alto Networks Unit 42 have identified a sophisticated espionage campaign known as LANDFALL, exploiting a zero-day vulnerability in select Samsung Galaxy devices via a malicious DNG image file, enabling remote code execution. This malware targets high-end models including the Galaxy S22, S23, and Z Flip 4, allowing attackers to conduct surveillance activities such as recording audio, tracking locations, and accessing sensitive data. The operation, linked to potential state-sponsored actors, underscores the evolving risks in mobile security, particularly through popular messaging platforms, highlighting the need for robust security measures and vigilant monitoring of mobile devices in sensitive environments. The vulnerability was patched by Samsung in April 2025, but prior exposure poses ongoing risks.