Tag: google
-
Thousands of iPhones Compromised in Massive Hack via Coruna Exploit Kit with 23 Vulnerabilities
Security researchers from the Google Threat Intelligence Group (GTIG) have uncovered >>Coruna,<< a highly sophisticated iOS exploit kit responsible for compromising thousands of iPhones. Targeting iOS versions 13.0 through 17.2.1, the framework contains five complete exploit chains leveraging a staggering 23 vulnerabilities. What began as a tool for a commercial surveillance vendor in early 2025…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
Google feels the need for security speed, so will ship Chrome updates every two weeks
Retains eight-weekly Extended Stable releases but warns fortnightly updates are the best way to stay safe First seen on theregister.com Jump to article: www.theregister.com/2026/03/04/google_speeds_chrome_release_cadence/
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
Fake Zoom and Google Meet Pages Trick Users Into Installing Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing a monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-monitoring-tool/
-
Google urges Supreme Court to strike down geofence warrants as unconstitutional
Tags: googleIn its amicus brief, Google called the warrants a violation of people’s rights and said that in recent months it has objected to more than 3,000 geofence warrants on constitutional grounds. First seen on therecord.media Jump to article: therecord.media/google-urges-supreme-court-strike-down-geolocation-warrants
-
Google Chrome shifts to two-week release cycle for increased stability
Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-shifts-to-two-week-release-cycle-for-increased-stability/
-
Google Expands AI Scam Protection to Samsung Galaxy S26
Google expands Gemini-powered scam detection to Samsung Galaxy S26 and more Android devices, bringing on-device AI fraud protection to calls and messages. The post Google Expands AI Scam Protection to Samsung Galaxy S26 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-gemini-scam-detection-android-samsung-expansion/
-
Android devices hit by exploited Qualcomm flaw CVE-2026-21385
Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks. Google has confirmed that CVE-2026-21385 (CVSS score of 7.8), a high-severity vulnerability affecting an open-source Qualcomm component used in Android devices, has been actively exploited. >>There are indications that CVE-2026-21385 may be under limited, targeted exploitation.<< reads Google's advisory. The flaw is…
-
Chrome security flaw enabled spying via Gemini Live assistant
A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive…
-
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks/
-
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.”Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an advisory, First…
-
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed >>malext,<< which steals sensitive data such as browser credentials and crypto wallets. Suspicious password prompts halted the compromise, revealing initial domains like optimize-storage-mac-os[.]medium[.]com, octopox[.]com, and vagturk[.]com."‹ Google Ads Library exposed over…
-
Google Chrome Introduces Merkle Tree Certificates to Protect HTTPS from Quantum Attacks
Google Chrome’s Secure Web and Networking Team has unveiled a new initiative aimed at defending HTTPS traffic against emerging quantum computing threats. This development, rooted in the Internet Engineering Task Force’s (IETF) >>PKI, Logs, And Tree Signatures<< (PLANTS) working group, introduces Merkle Tree Certificates (MTCs) as a quantum-safe evolution for the web ecosystem. Quantum computers…
-
Android Security Update Fixes 129 Flaws and Tackles Actively Exploited Zero-Day Flaw
Google has rolled out the highly anticipated March 2026 Android Security Bulletin, delivering critical fixes for 129 security vulnerabilities across the Android ecosystem. This massive update represents one of the highest numbers of patches issued in a single month. The rollout is structured into two distinct security patch levels, 2026-03-01 and 2026-03-05, giving device manufacturers…
-
Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities
The company’s latest security update contains the highest number of Android vulnerabilities patched in a single month since April 2018. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-march-2026/
-
Phishing Pages for Zoom and Google Meet Install Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing Teramind monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-teramind-monitoring-tool/
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/
-
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by…
-
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.”To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web…
-
Chrome Unveils Plan For Quantum-Safe HTTPS Certificates
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-quantum-safe-https/
-
Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel
John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-cyber-attacks-global-google/
-
Phishing Pages for Zoom and Google Meet Install Teramind Monitoring Tool
Fake Zoom and Google Meet pages trick users into installing Teramind monitoring software on Windows systems through phishing links and fake updates. First seen on hackread.com Jump to article: hackread.com/zoom-google-meet-phishing-teramind-monitoring-tool/
-
Bug in Google’s Gemini AI Panel Opens Door to Hijacking
Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/bug-google-gemini-ai-panel-hijacking
-
Bug in Google’s Gemini AI Panel Opens Door to Hijacking
Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/bug-google-gemini-ai-panel-hijacking
-
Bug in Google’s Gemini AI Panel Opens Door to Hijacking
Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/bug-google-gemini-ai-panel-hijacking
-
GTFire Phishing Campaign Exploits Google Services to Bypass Detection and Harvest Credentials
GTFire is a large-scale phishing scheme that abuses multiple Google services to hide malicious infrastructure, evade security tools, and steal credentials from organizations worldwide. GTFire is a credential-harvesting operation that chains Google Firebase Hosting and Google Translate to deliver phishing pages that look like legitimate brand logins. Attackers host fake login portals on Firebase .web.…
-
Pixel Perfect Browser Extension Exploited for Stealth Script Injection and Security Header Stripping
A popular Chrome add-on, “QuickLens Search Screen with Google Lens,” has quietly morphed from a legitimate productivity tool into a full”‘fledged remote code-execution platform that abuses browser trust, security headers, and silent auto”‘updates. What began as a simple Google Lens wrapper ended in a covert C2″‘driven campaign capable of injecting arbitrary scripts into any […]…