Tag: google
-
Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants’ environments. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/google-looker-bugs-cross-tenant-rce-data-exfil
-
Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/google-looker-vulnerabilities-cve-2025-12743/
-
Chrome Flaws Enable Arbitrary Code Execution and System Crashes
Google has released a new Stable Channel update for Chrome (version 144.0.7559.132/.133) on February 3, 2026, addressing two high”‘severity vulnerabilities that could allow attackers to execute arbitrary code or cause system crashes. The update is rolling out gradually for Windows, macOS, and Linux users. According to Google’s security advisory, both vulnerabilities were discovered recently and could be exploited…
-
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
-
Chinese Money Laundering Jargon via Google’s Gemini
After having a short discussion with Gemini about Chinese Money Laundering, I could tell we weren’t quite connecting on my Mandarin-assistance requests, so I shared an example post from a Telegram “Crime-as-a-Service” group that was part of a Chinese Guarantee Syndicate. For context, these posts were made in the Tudou Guarantee Syndicate’s group dedicated to…
-
GhostChat Malware Locks Victims’ Devices, Demands Passcodes for Restoration
A new Android spyware campaign that uses romance scams and fake chat profiles to spy on users in Pakistan. The malicious app, named GhostChat and detected as Android/Spy.GhostChat.A, disguises itself as a dating chat platform but is actually built for data theft and surveillance. Instead of being listed on Google Play, it is distributed as…
-
Ex-Google Engineer Convicted of Stealing AI Data for China
Linwei Ding Faces Decades in Prison for Trade Secret Theft, Espionage. A federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret…
-
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tags: ai, attack, cloud, compliance, data, data-breach, endpoint, gartner, google, governance, iam, identity, infrastructure, Internet, least-privilege, microsoft, mitigation, network, radius, risk, risk-analysis, service, supply-chain, switch, tool, training, vulnerabilityTenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key takeaways Graph-based multi-cloud exploration: We’ve leveraged our unified data model to provide deep visibility across all cloud environments. You…
-
Why non-human identities are your biggest security blind spot in 2026
Tags: access, api, breach, cloud, control, credentials, data-breach, github, google, governance, identity, least-privilege, password, service, threat, toolThe three blind spots I keep finding: After years working in cloud security and identity management, certain patterns show up everywhere I look. Three problems in particular appear in nearly every environment I assess. Secrets where they should never be. I still find API keys hardcoded in source files. Still. In 2026. Last year, GitGuardian…
-
Arsink RAT Targets Android Devices to Steal Sensitive Data and Enable Remote Access
Arsink is a cloud-native Android Remote Access Trojan (RAT) that steals sensitive data and grants attackers deep control over infected devices. In several builds, larger media is pushed through Google Apps Script into Google Drive, while other versions rely on Firebase Realtime Database (RTDB) and Firebase Storage, sometimes paired with Telegram for fast exfiltration. The…
-
Google Uncovers Major Expansion in ShinyHunters Threat Activity Using New Tactics
Tags: authentication, corporate, credentials, cyber, cybercrime, extortion, google, identity, mfa, phishing, service, software, tactics, threatA substantial expansion in cybercrime operations using tactics consistent with ShinyHunters-branded extortion campaigns. These sophisticated operations employ advanced voice phishing (vishing) and victim-branded credential harvesting websites to compromise corporate environments by stealing single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. While the methodology of targeting identity providers and Software-as-a-Service (SaaS) platforms remains consistent with…
-
Former Google Engineer Found Guilty of Stealing AI Secrets
Linwei Ding, a former Google engineer, has been found guilty of stealing trade secrets for China First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/former-google-engineer-guilty/
-
StrongestLayer: Top ‘Trusted’ Platforms are Key Attack Surfaces
Explore StrongestLayer’s threat intelligence report highlighting the rise of email security threats exploiting trusted platforms like DocuSign and Google Calendar. Learn how organizations can adapt to defend against these evolving cyber risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/strongestlayer-top-trusted-platforms-are-key-attack-surfaces/
-
Keine Malware nötig: So leicht lässt sich Googles Gemini über den Kalender hacken
First seen on t3n.de Jump to article: t3n.de/news/keine-malware-noetig-so-leicht-laesst-sich-googles-gemini-ueber-den-kalender-hacken-1726136/
-
9 Millionen Android-Geräte betroffen: Google macht gigantisches Proxy-Netzwerk dicht
First seen on t3n.de Jump to article: t3n.de/news/neun-millionen-android-geraete-betroffen-google-macht-gigantisches-proxy-netzwerk-dicht-1727553/
-
Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of…
-
Groups Warn $32B Google-Wiz Deal Threatens Cloud Competition
Civil Society Orgs Concerned Deal Could Tilt Cloud Security Space in Google’s Favor. A coalition of European civil society organizations is urging regulators to launch a detailed antitrust investigation into Google’s proposed $32 billion purchase of Wiz. They argue the acquisition would strengthen Google’s dominance in cloud security and undermine multi-cloud neutrality. First seen on…
-
U.S. convicts ex-Google engineer for sending AI tech data to China
A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-convicts-ex-google-engineer-for-sending-ai-tech-data-to-china/
-
Former Google Engineer Convicted of Stealing AI Secrets for China
A 38-year-old also known as Leon Ding, was convicted on seven counts of economic espionage and seven counts of theft of trade secrets following an 11-day trial. First seen on hackread.com Jump to article: hackread.com/google-engineer-convict-steal-ai-secrets-china/
-
Former Google Engineer Convicted in AI Trade Secret Theft Case
A former Google engineer was convicted of stealing confidential AI trade secrets to support a China-based startup. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/former-google-engineer-convicted-in-ai-trade-secret-theft-case/
-
Google’s disruption rips millions out of devices out of malicious network
The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and growing infrastructure. First seen on cyberscoop.com Jump to article: cyberscoop.com/ipidea-proxy-network-disrupted-google-lumen/
-
Aluminium OS: Leak offenbart ersten Blick auf den Windows-Konkurrenten von Google
First seen on t3n.de Jump to article: t3n.de/news/aluminium-os-leak-windows-konkurrent-google-1727292/
-
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome First…
-
Ex-Google engineer found guilty of stealing AI secrets
A federal jury in California convicted former Google software engineer Linwei Ding, also known as Leon Ding, on seven counts of economic espionage and seven counts of theft of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/30/ex-google-engineer-espionage/
-
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday.Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of…
-
App-Moderation: KI-Nackt-Apps fluten die offiziellen App-Stores
Ein Bericht des TTP zeigt: Apple und Google hosten Dutzende Apps, die KI für Deepfake-Nacktbilder nutzen – und verdienen an ihnen mit. First seen on golem.de Jump to article: www.golem.de/news/app-moderation-ki-nackt-apps-fluten-die-offiziellen-app-stores-2601-204797.html