Tag: google
-
Anthropic AI ultimatums and IP theft: The unspoken risk
Tags: ai, ceo, china, ciso, data, data-breach, defense, google, government, intelligence, monitoring, network, openai, risk, service, theft, toolChina’s extraction campaign: A targeting operation, not a curiosity: Anthropic’s disclosure that three China”‘based AI companies (DeepSeek, Moonshot AI, and MiniMax) ran more than 16 million interactions through roughly 24,000 fraudulent accounts is not a story about model misuse. It is a story about targeting. These campaigns went straight at Claude’s most sensitive capabilities: agentic…
-
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vmware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: In…
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.”Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said…
-
Phishing Campaign Uses Google Cloud to Host Malicious Redirects via GCS Bucket
A sophisticated phishing campaign has recently emerged, leveraging Google Cloud’s trusted infrastructure to host malicious redirects. The campaign’s technical structure leverages Google Cloud Storage legitimate domain, googleapis.com, which is widely trusted by mail gateways and end users alike. This provides the attackers an opportunity to bypass common security layers such as SPF and DKIM validation.…
-
Microsoft Alerts Customers to New Phishing Attack Exploiting OAuth in Entra ID to Bypass Detection
Tags: attack, authentication, credentials, cyber, detection, exploit, google, government, microsoft, phishing, software, threat, vulnerabilityMicrosoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication flows in Microsoft Entra ID and Google Workspace. Rather than exploiting traditional software vulnerabilities or stealing credentials directly, this campaign abuses trusted protocol behavior to bypass…
-
Silver Dragon APT Group Exploits Google Drive for Covert Attacks on Europe, Asia
Silver Dragon is a Chinese”‘aligned APT group that has been targeting public sector and high”‘profile organizations in Europe and Southeast Asia since at least mid”‘2024, with strong operational overlap to APT41 tradecraft. The group combines classic post”‘exploitation tooling like Cobalt Strike with new custom malware that abuses Google Drive as a covert command”‘and”‘control (C2) channel.research.…
-
Thousands of iPhones Compromised in Massive Hack via Coruna Exploit Kit with 23 Vulnerabilities
Security researchers from the Google Threat Intelligence Group (GTIG) have uncovered >>Coruna,<< a highly sophisticated iOS exploit kit responsible for compromising thousands of iPhones. Targeting iOS versions 13.0 through 17.2.1, the framework contains five complete exploit chains leveraging a staggering 23 vulnerabilities. What began as a tool for a commercial surveillance vendor in early 2025…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
Google feels the need for security speed, so will ship Chrome updates every two weeks
Retains eight-weekly Extended Stable releases but warns fortnightly updates are the best way to stay safe First seen on theregister.com Jump to article: www.theregister.com/2026/03/04/google_speeds_chrome_release_cadence/
-
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing a monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-monitoring-tool/
-
Google urges Supreme Court to strike down geofence warrants as unconstitutional
Tags: googleIn its amicus brief, Google called the warrants a violation of people’s rights and said that in recent months it has objected to more than 3,000 geofence warrants on constitutional grounds. First seen on therecord.media Jump to article: therecord.media/google-urges-supreme-court-strike-down-geolocation-warrants
-
Google Chrome shifts to two-week release cycle for increased stability
Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-shifts-to-two-week-release-cycle-for-increased-stability/
-
Google Expands AI Scam Protection to Samsung Galaxy S26
Google expands Gemini-powered scam detection to Samsung Galaxy S26 and more Android devices, bringing on-device AI fraud protection to calls and messages. The post Google Expands AI Scam Protection to Samsung Galaxy S26 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-gemini-scam-detection-android-samsung-expansion/
-
Android devices hit by exploited Qualcomm flaw CVE-2026-21385
Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks. Google has confirmed that CVE-2026-21385 (CVSS score of 7.8), a high-severity vulnerability affecting an open-source Qualcomm component used in Android devices, has been actively exploited. >>There are indications that CVE-2026-21385 may be under limited, targeted exploitation.<< reads Google's advisory. The flaw is…
-
Chrome security flaw enabled spying via Gemini Live assistant
A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…
-
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks/
-
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.”Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an advisory, First…
-
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed >>malext,<< which steals sensitive data such as browser credentials and crypto wallets. Suspicious password prompts halted the compromise, revealing initial domains like optimize-storage-mac-os[.]medium[.]com, octopox[.]com, and vagturk[.]com."‹ Google Ads Library exposed over…
-
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks
Google Chrome’s Secure Web and Networking Team has unveiled a new initiative aimed at defending HTTPS traffic against emerging quantum computing threats. This development, rooted in the Internet Engineering Task Force’s (IETF) >>PKI, Logs, And Tree Signatures<< (PLANTS) working group, introduces Merkle Tree Certificates (MTCs) as a quantum-safe evolution for the web ecosystem. Quantum computers…
-
Android Security Update Fixes 129 Flaws and Tackles Actively Exploited Zero-Day Flaw
Google has rolled out the highly anticipated March 2026 Android Security Bulletin, delivering critical fixes for 129 security vulnerabilities across the Android ecosystem. This massive update represents one of the highest numbers of patches issued in a single month. The rollout is structured into two distinct security patch levels, 2026-03-01 and 2026-03-05, giving device manufacturers…
-
Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities
The company’s latest security update contains the highest number of Android vulnerabilities patched in a single month since April 2018. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-march-2026/
-
Phishing Pages for Zoom and Google Meet Install Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing Teramind monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-teramind-monitoring-tool/
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/
-
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by…
-
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.”To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web…