Tag: google
-
Untersuchung von Tenable – Kritische Sicherheitslücken in Business-Intelligence-Tool Google Looker
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-google-looker-a-897f9eac9a222e74007a18ba636f6393/
-
0-Click RCE Found in Claude Desktop Extensions, Putting 10,000+ Users at Risk
A critical >>zero-click<< vulnerability in Claude Desktop Extensions (DXT) that allows attackers to compromise a computer using nothing more than a Google Calendar event. The flaw, which has been assigned a maximum severity score of CVSS 10/10, affects more than 10,000 active users and over 50 different extensions. The vulnerability stems from a fundamental architectural decision.…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Google Warns Over 1 Billion Android Phones Are Now at Risk
Google warns that over 40% of Android devices no longer receive security updates, leaving more than 1 billion devices exposed to malware and spyware attacks. The post Google Warns Over 1 Billion Android Phones Are Now at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-update-billion-devices-risk/
-
Flaw in Anthropic Claude Extensions Can Lead to RCE in Google Calendar: LayerX
LayerX researchers say that a security in Anthropic’s Claude Desktop Extensions can be exploited to allow threat actors to place a RCE vulnerability into Google Calendar, the latest report to highlight the risks that come with giving AI models with full system privileges unfettered access to sensitive data. First seen on securityboulevard.com Jump to article:…
-
40 Prozent der Android-Smartphones unsicher? Was du über diese Google-Statistik wissen musst
First seen on t3n.de Jump to article: t3n.de/news/40-prozent-android-smartphones-unsicher-1728678/
-
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
OpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem.”All skills published to ClawHub are now scanned using VirusTotal’s threat intelligence, including their new Code Insight capability,”…
-
Hackers Exploit Free Firebase Accounts to Launch Phishing Campaigns
A new wave of phishing campaigns where scammers are abusing Google’s legitimate infrastructure to bypass security filters. Attackers are now creating free developer accounts on Google Firebase to send fraudulent emails that impersonate well-known brands. By leveraging the reputation of the Firebase domain, these attackers are successfully landing in users’ inboxes, bypassing standard spam detection…
-
Microsoft Brings Back Google’s Hayete Gallot to Run Security
CEO Nadella Names Gallot EVP, Current Head Charlie Bell Takes New Engineering Role. Microsoft CEO Satya Nadella announced leadership changes tied to security and engineering quality including Hayete Gallot’s return from Google as EVP of security and a new individual contributor role for current security leader Charlie Bell focused on engineering quality. First seen on…
-
Chrome Vulnerabilities Allow Code Execution, Browser Crashes
Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites. The post Chrome Vulnerabilities Allow Code Execution, Browser Crashes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-chrome-security-update-february-2026/
-
Microsoft Urges Users to Finally Ditch NTLM Authentication
Seeking to Add Urgency, Mandiant Publishes Rainbow Tables for NTLM Key Hashes. For nearly 30 years, security experts have warned organizations to ditch the weak NTLM authentication protocol in Windows. But its use persists, even amidst easy and active exploits. Now Google has published rainbow tables for NTLMv1. Will this finally drive holdout organizations to…
-
macOS Users Hit by Python Infostealers Posing as AI Installers
Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
-
macOS Users Hit by Python Infostealers Posing as AI Installers
Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
-
Ohne Google oder Microsoft arbeiten: Eine Woche nur mit europäischer Software
First seen on t3n.de Jump to article: t3n.de/news/ohne-google-oder-microsoft-arbeiten-eine-woche-nur-mit-europaeischer-software-1728129/
-
Smart glasses are back, privacy issues included
AI smart glasses are the latest addition to fashion, and they include a camera, a microphone, AI, and privacy risks. After Google Glass failed to gain traction more than a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/ai-smart-glasses-privacy-risk/
-
Satya Nadella decides Microsoft needs an engineering quality czar
Picks chap who used to lead Redmond’s security, lures replacement from Google First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/microsoft_appoints_quality_chief/
-
Microsoft Hires Ex-Google Cloud President Hayete Gallot As New Security Chief
Microsoft confirmed Wednesday that it has hired former Google Cloud executive Hayete Gallot to head its security division, replacing Charlie Bell. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-hires-ex-google-cloud-president-hayete-gallot-as-new-security-chief
-
Chrome Vulnerabilities Allow Code Execution and Browser Crashes
Google has patched two high-severity Chrome flaws that could allow code execution or browser crashes. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-vulnerabilities-allow-code-execution-and-browser-crashes/
-
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
-
Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/04/google-looker-vulnerabilities-cve-2025-12743/
-
Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants’ environments. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/google-looker-bugs-cross-tenant-rce-data-exfil
-
Chrome Flaws Enable Arbitrary Code Execution and System Crashes
Google has released a new Stable Channel update for Chrome (version 144.0.7559.132/.133) on February 3, 2026, addressing two high”‘severity vulnerabilities that could allow attackers to execute arbitrary code or cause system crashes. The update is rolling out gradually for Windows, macOS, and Linux users. According to Google’s security advisory, both vulnerabilities were discovered recently and could be exploited…
-
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
-
Chinese Money Laundering Jargon via Google’s Gemini
After having a short discussion with Gemini about Chinese Money Laundering, I could tell we weren’t quite connecting on my Mandarin-assistance requests, so I shared an example post from a Telegram “Crime-as-a-Service” group that was part of a Chinese Guarantee Syndicate. For context, these posts were made in the Tudou Guarantee Syndicate’s group dedicated to…
-
GhostChat Malware Locks Victims’ Devices, Demands Passcodes for Restoration
A new Android spyware campaign that uses romance scams and fake chat profiles to spy on users in Pakistan. The malicious app, named GhostChat and detected as Android/Spy.GhostChat.A, disguises itself as a dating chat platform but is actually built for data theft and surveillance. Instead of being listed on Google Play, it is distributed as…
-
Ex-Google Engineer Convicted of Stealing AI Data for China
Linwei Ding Faces Decades in Prison for Trade Secret Theft, Espionage. A federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret…
-
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tags: ai, attack, cloud, compliance, data, data-breach, endpoint, gartner, google, governance, iam, identity, infrastructure, Internet, least-privilege, microsoft, mitigation, network, radius, risk, risk-analysis, service, supply-chain, switch, tool, training, vulnerabilityTenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key takeaways Graph-based multi-cloud exploration: We’ve leveraged our unified data model to provide deep visibility across all cloud environments. You…
-
Why non-human identities are your biggest security blind spot in 2026
Tags: access, api, breach, cloud, control, credentials, data-breach, github, google, governance, identity, least-privilege, password, service, threat, toolThe three blind spots I keep finding: After years working in cloud security and identity management, certain patterns show up everywhere I look. Three problems in particular appear in nearly every environment I assess. Secrets where they should never be. I still find API keys hardcoded in source files. Still. In 2026. Last year, GitGuardian…