Tag: google
-
‘Cellik’ Android RAT Leverages Google Play Store
The remote access Trojan lets an attacker remotely control a victim’s phone and can generate malicious apps from inside the Play Store. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cellik-android-rat-leverages-google-play-store
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
-
14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data
ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data. First seen on hackread.com Jump to article: hackread.com/nuget-malicious-packages-steal-crypto-ad-data/
-
Google Chrome Extension is Intercepting Millions of Users’ AI Chats
A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-chrome-extension-is-intercepting-millions-of-users-ai-chats/
-
Cellik Android Malware Uses One-Click APK Builder to Hide in Play Store Apps
A newly discovered Android Remote Access Trojan (RAT) called Cellik is democratizing sophisticated mobile surveillance attacks by bundling advanced spyware capabilities with an automated tool that allows attackers to inject malicious code into legitimate Google Play Store applications seamlessly. The malware address a significant escalation in Android-targeted threats, combining complete device control, real-time surveillance, and…
-
Cellik Android Malware Uses One-Click APK Builder to Hide in Play Store Apps
A newly discovered Android Remote Access Trojan (RAT) called Cellik is democratizing sophisticated mobile surveillance attacks by bundling advanced spyware capabilities with an automated tool that allows attackers to inject malicious code into legitimate Google Play Store applications seamlessly. The malware address a significant escalation in Android-targeted threats, combining complete device control, real-time surveillance, and…
-
Chrome Security Update Fixes Remote Code Execution Flaws
Tags: browser, chrome, cyber, flaw, google, linux, remote-code-execution, update, vulnerability, windowsGoogle has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks. The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.”‹ Critical Vulnerabilities Patched The update fixes two significant security flaws reported by external security researchers. The first…
-
Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-finds-five-china-nexus-groups-exploiting-react2shell-flaw/
-
Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw
Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/google-finds-five-china-nexus-groups-exploiting-react2shell-flaw/
-
Cellik Android malware builds malicious versions from Google Play apps
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cellik-android-malware-builds-malicious-versions-from-google-play-apps/
-
Demystifying risk in AI
Tags: access, ai, best-practice, bsi, business, ciso, cloud, compliance, control, corporate, csf, cyber, cybersecurity, data, framework, google, governance, group, infrastructure, intelligence, ISO-27001, LLM, mitre, ml, monitoring, nist, PCI, risk, risk-management, strategy, technology, threat, training, vulnerabilityThe data that is inserted in a request.This data is evaluated by a training model that involves an entire architecture.The result of the information that will be delivered From an information security point of view. That is the point that we, information security professionals, must judge in the scope of evaluation from the perspective of…
-
Google Finds Server Takeovers Linked to React2Shell Exploitation
Google warns that attackers are actively exploiting React2Shell to hijack unpatched servers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-finds-server-takeovers-linked-to-react2shell-exploitation/
-
Google to Shut Down Dark Web Monitoring Tool in February 2026
Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web.To that end, scans for new dark web breaches will be stopped on January 15, 2026, and…
-
Google is shutting down its dark web report feature in January
Google is discontinuing its “dark web report” security tool, stating that it wants to focus on other tools it believes are more helpful. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-is-shutting-down-its-dark-web-report-feature-in-january/
-
Google is shutting down its dark web report feature in January
Google is discontinuing its “dark web report” security tool, stating that it wants to focus on other tools it believes are more helpful. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-is-shutting-down-its-dark-web-report-feature-in-january/
-
Apple Patches More Zero-Days Used in ‘Sophisticated’ Attack
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/apple-patches-more-zero-days-sophisticated-attack
-
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity.The extension in question is Urban VPN Proxy, which has a 4.7 rating…
-
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-more-chinese-hacking-groups-to-react2shell-attacks/
-
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-more-chinese-hacking-groups-to-react2shell-attacks/
-
Apple, Google forced to issue emergency 0-day patches
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse First seen on theregister.com Jump to article: www.theregister.com/2025/12/15/apple_follows_google_by_emergency/