Tag: google
-
12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users
LayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extensions secretly track user activity and harvest sensitive data. The operation has successfully compromised over 130,000 users, with approximately 12,500 installations still active…
-
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/
-
Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks
A privacy expert warns Chrome still allows browser fingerprinting and tracking, raising concerns after Google’s shift away from third-party cookie changes. The post Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-browser-fingerprinting-privacy-concerns/
-
KI-Agent eskaliert seine Rechte – Hacker können Kundenprojekte in Googles Vertex AI übernehmen
First seen on security-insider.de Jump to article: www.security-insider.de/unit42-kritische-luecke-gcp-vertex-ai-service-accounts-a-e8341154f6fdfaa8d3a1e9d0af42eda5/
-
Third-party AI hack triggers Vercel breach, internal environments accessed
Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one of its employees. The attacker took over the employee’s Google Workspace account and used it…
-
AI platform ATHR makes voice phishing a one-person job
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/20/athr-voice-phishing-ai-platform/
-
Kein Word, kein ChatGPT, kein Google: Was passiert, wenn man eine Woche auf europäische Software setzt
First seen on t3n.de Jump to article: t3n.de/news/kein-word-kein-chatgpt-kein-google-1728129/
-
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-flaw-in-protobuf-library-enables-javascript-code-execution/
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Researcher Claims Claude Opus Enabled Creation of Working Chrome Exploit
A security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also known as s1r1us, CTO of Hacktron, and it arrived just days after…
-
Wie Hacker über GitHub-Kommentare KI-Agenten von Google und Anthropic kapern
Ein Sicherheitsforscher hat eine neue Form der Prompt Injection aufgedeckt, die populäre KI-Tools wie Claude Code, Gemini CLI und GitHub Copilot verwundbar macht. Über präparierte Kommentare und PR-Titel können Hacker Schadcode ausführen und sensible API-Schlüssel extrahieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/github-kommentare-ki
-
Datenleck bei Upwork-Konkurrent Fiverr: Sensible Dokumente von Freelancern bei Google abrufbar
First seen on t3n.de Jump to article: t3n.de/news/fiverr-datenleck-freelancer-dokumente-google-abrufbar-1738385/
-
RSF-Kritik an Angriff auf redaktionelle Freiheit: Google lässt Überschriften automatisiert per KI umformulieren
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/rsf-kritik-google-umformulierung-ueberschriften-ki
-
We beat Google’s zero-knowledge proof of quantum cryptanalysis
Tags: ai, application-security, attack, best-practice, computer, computing, control, cryptography, data, exploit, google, group, Hardware, metric, programming, risk, rust, technology, tool, update, vulnerabilityTwo weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own zero-knowledge proof that significantly improves Google’s on all metrics. Our result is…
-
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025.The new policy updates relate to contact and location permissions in Android, allowing third-party apps to…
-
Google wipes out 602 million scam ads with Gemini on duty
Google claims that its security teams work around the clock using its Gemini AI models to detect and stop harmful ads. >>Bad actors are using generative AI to create … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/google-gemini-harmful-ads-blocking/
-
Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits
Google shipped Android 17 Beta 4 on April 16, marking the last scheduled beta in the Android 17 release cycle. The build targets app compatibility testing and platform … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/android-17-beta-4-released/
-
Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits
Google shipped Android 17 Beta 4 on April 16, marking the last scheduled beta in the Android 17 release cycle. The build targets app compatibility testing and platform … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/android-17-beta-4-released/
-
Google Deploys Gemini AI to Stop Threat Actors, Blocking 8.3 Billion Ads
Google has significantly escalated its fight against cybercriminals, deploying its advanced Gemini AI to neutralize malicious advertising campaigns. By leveraging generative AI, the tech giant intercepted more than 99% of these harmful advertisements before they ever reached end users. This milestone marks a major shift in how cybersecurity defenses handle automated threats. Threat actors have…
-
Researchers Say Fiverr Left User Files Open to Google Search
Private Fiverr user documents, including tax records and IDs, were reportedly found in Google search results due to a storage configuration issue. Read more about the findings and the company’s response to the data exposure. First seen on hackread.com Jump to article: hackread.com/fiverr-left-user-files-open-to-google-search/
-
Researchers Say Fiverr Left User Files Open to Google Search
Private Fiverr user documents, including tax records and IDs, were reportedly found in Google search results due to a storage configuration issue. Read more about the findings and the company’s response to the data exposure. First seen on hackread.com Jump to article: hackread.com/fiverr-left-user-files-open-to-google-search/
-
Researchers Say Fiverr Left User Files Open to Google Search
Private Fiverr user documents, including tax records and IDs, were reportedly found in Google search results due to a storage configuration issue. Read more about the findings and the company’s response to the data exposure. First seen on hackread.com Jump to article: hackread.com/fiverr-left-user-files-open-to-google-search/
-
Google Play is changing how Android apps access your contacts and location
Google’s new set of Google Play policy updates and account transfer feature strengthen user privacy and protect businesses from fraud. Google is also expanding features for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/google-play-store-policy-updates/
-
Google expands Gemini AI use to fight malicious ads on its platform
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-expands-gemini-ai-use-to-fight-malicious-ads-on-its-platform/
-
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, including Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple,…
-
Chrome Privacy Vulnerability Exposes Users via Fingerprinting and Header Leaks
A new technical review of Google Chrome’s privacy posture shows that modern tracking no longer depends only on cookies, because websites can combine browser fingerprinting, storage tricks, and HTTP header leaks to identify users with surprising accuracy. Chrome has reduced some obvious signals, but many high-value surfaces such as canvas rendering, WebGL, audio processing, Client…
-
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Google, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/audit-big-tech-ignores-data-collection-requests