Tag: google

Gemini 3 aus Sicht der IT-Sicherheit Der KI-Assistent als Geschäftsgrundlage

Dec 1, 2025 2:49 PM

Tags: ai, google, update

Am 18. November 2025 stellte Google die neueste Version seines KI-Assistenten vor: Gemini 3. Im Mittelpunkt der Schlagzeilen standen Leistungssteigerungen, multimodale Fähigkeiten und verbessertes Reasoning. Doch statt lediglich zu schauen, was die neue Version besser kann als die alte, sollten Führungskräfte sich die weitreichenden Implikationen dieses Updates vergegenwärtigen. Denn mit der Veröffentlichung von Gemini 3…
Google deletes X post after getting caught using a ‘stolen’ AI recipe infographic

Dec 1, 2025 1:49 PM

Tags: ai, breach, google

Google is facing backlash on X after a viral post for its NotebookLM appeared to use a food blogger’s work without credit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/google-deletes-x-post-after-getting-caught-using-a-stolen-ai-recipe-infographic/
12 signs the CISO-CIO relationship is broken, and steps to fix it

Dec 1, 2025 8:49 AM

Tags: advisory, ai, business, cio, ciso, compliance, control, cybersecurity, data, google, jobs, office, risk, service, strategy, technology

The CIO-CISO relationship matters: The CIO and CISO need to have a strong relationship for either of them to succeed, says MK Palmore, founder and principal adviser for advisory firm Apogee Global RMS and a former director in the Office of the CISO at Google Cloud.”It’s critical that those in these two positions get along…
Schwachstellen in Fluent Bit gefährdeten USInstanzen

Nov 30, 2025 12:49 AM

Tags: cloud, google, microsoft, open-source, software, vulnerability

Cloud-Anbieter wie AWS, Microsoft oder Google verwenden die Open Source-Software Fluent Bit zur Erfassung von Telemetriedaten (Monitoring). Gleich fünf Schwachstellen in dieser Software hätten die Remote-Übernahme von Containern, die auf den entsprechenden Cloud-Instanzen gehostet wurden, ermöglichet. Nutzer sollten die Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/schwachstellen-in-oss-tool-fluent-bit-gefaehrdete-us-cloud-instanzen/
Mystery OAST Tool Exploits 200 CVEs Using Google Cloud for Large-Scale Attacks

Nov 29, 2025 4:49 PM

Tags: application-security, attack, cloud, cve, cyber, exploit, google, infrastructure, service, threat, tool

A sophisticated threat actor has been operating a private Out-of-band Application Security Testing (OAST) service hosted on Google Cloud infrastructure to conduct a large-scale exploit campaign targeting more than 200 CVEs, according to new research from VulnCheck. Private OAST Domain Raises Red Flags Security researchers at VulnCheck identified unusual activity involving callbacks to detectors-testing.com, an unfamiliar…
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior

Nov 29, 2025 3:49 PM

Tags: ai, attack, control, cybersecurity, flaw, google, malicious, microsoft, network, vulnerability

Cybersecurity firm Cato Networks reveals HashJack, a new AI browser vulnerability using the ‘#’ symbol to hide malicious commands. Microsoft and Perplexity fixed the flaw, but Google’s Gemini remains at risk. First seen on hackread.com Jump to article: hackread.com/hashjack-attack-url-control-ai-browser-behavior/
Werbefreies Youtube-Streaming: Smarttube-App funktioniert plötzlich nicht mehr

Nov 28, 2025 7:49 PM

Tags: google

Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
KI für das eigene Unternehmen nutzen: Wie Googles neuer Modus die Spielregeln ändert

Nov 28, 2025 5:49 PM

Tags: ai, google

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/google-ki-nutzung-neue-spielregeln
Google-Antigravity-Lücke: KI-Coding-Tool anfällig für Angriffe

Nov 28, 2025 3:49 PM

Tags: access, ai, backdoor, bug, cyberattack, exploit, google, tool, update, vulnerability

Eine Sicherheitslücke in Googles KI-Coding-Tool Antigravity erlaubt es Angreifern, Schadcode einzuschleusen.Anfang November brachte Google sein KI-gestütztes Coding-Tool Antigravity an den Start. Doch bereits nach 24 Stunden sind Forscher des Security-Anbieters Mindgard auf eine schwerwiegende Schwachstelle gestoßen, über die eine dauerhafte Backdoor und Schadcode installiert werden kann.Der kürzlich veröffentlichte Forschungsbericht weist darauf hin, dass sich das…
Werbefreies Youtube-Streaming: Smarttube-App mutiert durch Leak zur Malware-Gefahr

Nov 28, 2025 11:49 AM

Tags: google, leak, malware

Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
Werbefreies Youtube-Streaming: Signatur-Leak macht Smarttube zur Malware-Bedrohung

Nov 28, 2025 9:49 AM

Tags: google, leak, malware

Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
CSPM buyer’s guide: How to choose the best cloud security posture management tools

Nov 27, 2025 8:49 AM

Tags: access, ai, api, automation, awareness, best-practice, breach, business, cloud, compliance, container, control, crowdstrike, cybercrime, data, data-breach, defense, detection, exploit, framework, google, governance, group, guide, infrastructure, intelligence, kubernetes, leak, LLM, microsoft, monitoring, network, programming, risk, risk-assessment, saas, service, software, strategy, threat, tool, training, unauthorized, vulnerability

cloud security posture management (CSPM) enterprise buyer’s guide today! ] In this buyer’s guide Cloud security posture management (CSPM) explainedWhat to look for in cloud security posture management (CSPM) toolsLeading vendors for cloud security posture management (CSPM)What to ask your cloud security posture management (CSPM) providerEssential readingThat’s where CSPM tools can help. These tools continuously…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
Hochsicherheits-Pakt – NATO und Google Cloud schließen Deal für KI-fähige Cloud

Nov 26, 2025 3:50 PM

Tags: ai, cloud, google

First seen on security-insider.de Jump to article: www.security-insider.de/google-cloud-nato-ncia-vertrag-ki-cloud-a-f3dae3879522c203fcae1c31bc97a2b0/
Check Point deckt Adware-Kampagne ‘GhostAd” in Google-Play auf

Nov 26, 2025 1:49 PM

Tags: adware, google, software

Die Sicherheitsforscher von Check Point Software Technologies haben kürzlich eine Adware-Kampagne im App-Store Google-Play aufgedeckt. Als Cleanup- und Emoji-Apps getarnt, trieben über 15 Applikationen dort ihr Unwesen und belasteten sowohl die Batterie als auch das Datenvolumen der Handys. Nach der Installation starteten sie dauerhafte Werbeschleifen im Hintergrund, die sich nicht beenden ließen und sogar nach…
HashJack: A Novel Exploit Leveraging URL Fragments To Deceive AI Browsers

Nov 26, 2025 12:49 PM

Tags: ai, attack, cyber, exploit, google, injection, microsoft

Security researchers at Cato CTRL have uncovered HashJack. This innovative indirect prompt-injection attack hides harmful commands in the fragment portion of URLs after the >>#
Adware-Kampagne ‘GhostAd” im Google Play Store

Nov 26, 2025 7:49 AM

Tags: adware, google, software

Check Point Software hat eine umfangreiche Adware-Kampagne im Google Play Store entdeckt. Unter dem Tarnmantel von Cleanup- und Emoji-Apps verbreiteten mehr als 15 Anwendungen die Adware ‘GhostAd”. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ghostad-google-play-store
Zero Day in Chrome – Google warnt vor gefährlichen Sicherheitslücken in Cloud und Browser

Nov 26, 2025 7:49 AM

Tags: browser, chrome, cloud, google, zero-day

First seen on security-insider.de Jump to article: www.security-insider.de/google-warnt-vor-sicherheitsluecken-in-cloud-plattform-und-chrome-browser-a-9fe83e203bd3c0b320821877aebfa899/
Adware-Kampagne ‘GhostAd” im Google Play Store

Nov 26, 2025 7:49 AM

Tags: adware, google, software

Check Point Software hat eine umfangreiche Adware-Kampagne im Google Play Store entdeckt. Unter dem Tarnmantel von Cleanup- und Emoji-Apps verbreiteten mehr als 15 Anwendungen die Adware ‘GhostAd”. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ghostad-google-play-store
Fluent Bit: Große Clouddienste durch Bugs in Open-Source-Tool gefährdet

Nov 25, 2025 11:49 AM

Tags: google, microsoft, open-source, tool

Konzerne wie AWS, Microsoft und Google setzen Fluent Bit ein. Angreifer hätten deren Cloudsysteme durch Sicherheitslücken kapern können. First seen on golem.de Jump to article: www.golem.de/news/fluent-bit-grosse-clouddienste-durch-bugs-in-open-source-tool-gefaehrdet-2511-202557.html
2026 CSO Hall of Fame call for nominations

Nov 24, 2025 7:49 PM

Tags: ceo, cio, ciso, corporate, cybersecurity, finance, google, group, infrastructure, international, jobs, risk, risk-management, sans, technology

2025 CSO Hall of Fame Honorees Meg Anderson, VP & CISO (retired), Principal Financial Group Bob Bruns, CISO, Avanade Jonathan Chow, CISO, Genesys Mignona Cote, CISO, Infor Laura Deaner, Managing Director, CISO, The Depository Trust & Clearing Corporation (DTCC) George Finney, CISO, University of Texas System Michael Gordon, SVP & CISO, McDonald’s Ron Green, Cybersecurity Fellow/Former CSO, Mastercard Shawn Henry, CSO, CrowdStrike Todd Lukens,…
2026 CSO Hall of Fame call for nominations

Nov 24, 2025 7:49 PM

Tags: ceo, cio, ciso, corporate, cybersecurity, finance, google, group, infrastructure, international, jobs, risk, risk-management, sans, technology

2025 CSO Hall of Fame Honorees Meg Anderson, VP & CISO (retired), Principal Financial Group Bob Bruns, CISO, Avanade Jonathan Chow, CISO, Genesys Mignona Cote, CISO, Infor Laura Deaner, Managing Director, CISO, The Depository Trust & Clearing Corporation (DTCC) George Finney, CISO, University of Texas System Michael Gordon, SVP & CISO, McDonald’s Ron Green, Cybersecurity Fellow/Former CSO, Mastercard Shawn Henry, CSO, CrowdStrike Todd Lukens,…
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Nov 24, 2025 3:49 PM

Tags: ai, attack, breach, browser, chrome, cyber, ddos, exploit, fortinet, google, hacker, malware, microsoft, saas, software, supply-chain, zero-day

This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…
âš¡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Nov 24, 2025 3:49 PM

Tags: ai, attack, breach, browser, chrome, cyber, ddos, exploit, fortinet, google, hacker, malware, microsoft, saas, software, supply-chain, zero-day

This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.Big firms like Microsoft, Salesforce, and Google had to react fast, stopping DDoS attacks, blocking bad links, and fixing…