Tag: google
-
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog
Tags: android, cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, linux, update, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Sitecore, Android, and Linux to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Google released security updates to address 120 Android…
-
New Exploit Bypasses Code Integrity to Backdoor Signal, 1Password, Slack, and More
A new security exploit has been discovered that lets attackers slip malicious code into widely used desktop applications including Signal, 1Password, Slack, and Google Chrome by evading built-in code integrity checks. The vulnerability, tracked as Electron CVE-2025-55305, affects nearly every app built on the Chromium engine when they use Electron, a popular framework for making…
-
France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules
France’s data watchdog fined Google $379M (Euro325 million) and Shein $175M (Euro150 million) for breaching cookie rules. The French data watchdog, the National Commission on Informatics and Liberty (CNIL), fined Google $379 million (Euro325 million) and Shein $175 million (Euro150 million) for violating cookie rules. >>The two fines imposed on GOOGLE and SHEIN by the restricted committee the CNIL […]…
-
Hackers Exploit Google Calendar API with Serverless MeetC2 Framework
A novel serverless command-and-control (C2) technique that abuses Google Calendar APIs to obscure malicious traffic inside trusted cloud services. Dubbed MeetC2, this lightweight, cross-platform proof-of-concept demonstrates how adversaries can seamlessly blend C2 communications into everyday SaaS usage, presenting fresh detection, telemetry, and response challenges for red and blue teams alike. In a recent internal purple-team…
-
Neue Hacker-Gruppe GhostRedirector vergiftet Windows-Server
ESET Forscher haben eine neue Hackergruppe identifiziert, dieWindows-Server mit einer passiven C++-Backdoor und einem bösartigen IIS-Modul angreift. Ihr Ziel: die Manipulation von Google-Suchergebnissen First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/neue-hacker-gruppe-ghostredirector-vergiftet-windows-server/
-
Chinese Hackers Game Google to Boost Gambling Sites
New threat actor GhostRedirector is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/chinese-hackers-google-boost-gambling-sites
-
China-aligned crew poisons Windows servers to manipulate Google results
Defrauding search with custom malware, Potato-family exploits First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/new_chinaaligned_crew_poisons_windows_servers/
-
Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms
A new security vulnerability called ‘Model Namespace Reuse’ allows attackers to hijack AI models on Google, Microsoft, and… First seen on hackread.com Jump to article: hackread.com/model-namespace-reuse-flaw-ai-models-google-microsoft/
-
Phishing Empire Runs Undetected on Google, Cloudflare
What’s believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/phishing-empire-undetected-google-cloudflare
-
Identity-First Security: Mitigating the Cloud’s Greatest Risk Vector
Tags: access, ai, attack, best-practice, breach, business, cloud, credentials, data, defense, exploit, framework, google, iam, identity, infrastructure, least-privilege, microsoft, phishing, ransomware, risk, service, strategy, threat, vulnerabilityCompromised credentials are now the leading cause of cloud breaches, making identity your most critical attack surface. A new IDC white paper explores why this shift is happening and where traditional defenses fall short. Read on to learn how Tenable’s identity-first approach turns this risk into your strongest defense. Hack the user, own the cloud.…
-
Google hit with $425 million verdict in privacy class action suit
A federal jury on Wednesday awarded plaintiffs suing Google $425 million in damages, holding that by collecting the data of users who had switched off an app activity tracking feature the tech giant invaded the privacy of millions. First seen on therecord.media Jump to article: therecord.media/google-hit-with-425-million-privacy-class-action-verdict
-
Shein, Google hit with fines from French data protection regulator over cookie practices
Google has been penalized Euro325 million ($379 million) and clothing retailer Shein has been ordered to pay Euro150 million ($175 million) for not getting proper consent from users for advertising cookies, France’s CNIL said. First seen on therecord.media Jump to article: therecord.media/shein-google-fines-advertising-cookies-france-cnil
-
France slaps Google with Euro325M fine for violating cookie regulations
The French data protection authority has fined Google Euro325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users’ emails without their consent. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-slaps-google-with-325m-fine-for-violating-cookie-regulations/
-
Judge who ruled Google is a monopoly decides to do hardly anything to break it up
Ad giant won’t be broken up, forced to offload Chrome or Android, thanks to AI First seen on theregister.com Jump to article: www.theregister.com/2025/09/03/google_doj_antitrust_ruling/
-
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which >>may be under limited, targeted exploitation.
-
CMS Provider Sitecore Patches Exploited Critical Zero Day
Google Cloud’s Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sitecore-patches-exploited/
-
Scattered Lapsus$ Hunters Demand Google Fire Security Experts or Face Data Leak
Scattered Lapsus$ Hunters threaten Google, demanding that two security experts, Austin Larsen of Google’s Threat Intelligence Group and Charles Carmakal of Mandiant, be fired or they will leak alleged stolen Google data. First seen on hackread.com Jump to article: hackread.com/scattered-lapsus-hunters-google-fire-experts-data-leak/
-
Phishing-Gefahr: So nutzen Betrüger Google Forms, um an deine Daten zu kommen
First seen on t3n.de Jump to article: t3n.de/news/phishing-gefahr-so-nutzen-betrueger-google-forms-um-an-deine-daten-zu-kommen-1705270/
-
Google Patches 111 Android Vulnerabilities, Confirms Active Exploitation of Two Zero-Days
In its latest Android Security Bulletin, Google has confirmed the patching of 111 unique security vulnerabilities, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The most concerning of these involve CVE-2025-48543, a flaw in Android Runtime, and CVE-2025-38352, a bug in the Linux kernel. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-48543-and-cve-2025-38352/
-
Google Fined $379 Million by French Regulator for Cookie Consent Violations
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (Euro325 million) and $175 million (Euro150 million), respectively, for violating cookie rules.Both companies set advertising cookies on users’ browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply…
-
France fines Google, SHEIN for undercooked cookie policies that led to crummy privacy
Web giant and Chinese e-tailer whacked for dropping trackers without permission First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/france_google_shein_cookie_fines/
-
Is Google Down? [Live Google Services Outage Report]
Is Google Down? Google Outage Today (Sept 4, 2025): Are Gmail, Maps, Ads & Analytics Down? [Live ET Status] Updated: Sept 4, 2025, Eastern Time (ET) Quick take: There are user reports of access issues to key Google services,… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/is-google-down-now/
-
Google Alerts to Active Exploitation of Sitecore Zero-Day Flaw
Security teams have issued a warning after Google researchers detected active attacks exploiting a new zero-day vulnerability in Sitecore products. Tracked as CVE-2025-53690, this flaw allows attackers to run code on unpatched servers by tampering with the ViewState mechanism in ASP.NET. Sitecore, a popular content management system, published deployment guides in 2017 and earlier that included…
-
Mega-Patchday bei Google: Android-Nutzer werden attackiert
Google schließt in Android zum September 20-mal so viele Sicherheitslücken wie in den beiden Vormonaten zusammen. Einige werden schon aktiv ausgenutzt. First seen on golem.de Jump to article: www.golem.de/news/mega-patchday-bei-google-android-nutzer-werden-attackiert-2509-199770.html
-
Google Alerts to Active Exploitation of Sitecore Zero-Day Flaw
Security teams have issued a warning after Google researchers detected active attacks exploiting a new zero-day vulnerability in Sitecore products. Tracked as CVE-2025-53690, this flaw allows attackers to run code on unpatched servers by tampering with the ViewState mechanism in ASP.NET. Sitecore, a popular content management system, published deployment guides in 2017 and earlier that included…
-
France fines Google, SHEIN, for undercooked Cookie policies that led to crummy privacy
Web giant and Chinese e-tailer whacked for dropping trackers without permission First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/france_google_shein_cookie_fines/
-
France fines Google, SHEIN, for undercooked Cookie policies that led to crummy privacy
Web giant and Chinese e-tailer whacked for dropping trackers without permission First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/france_google_shein_cookie_fines/
-
How Kingman USD Secures Google Workspace on a K-12 Budget with Cloud Monitor
Arizona district gains real-time threat visibility and protects student data while within budget by partnering with ManagedMethods Claire Sexton, Cybersecurity Administrator for Kingman Unified School District located in Kingman, Arizona, describes her role as the district’s “digital bodyguard.” With a small IT team supporting roughly 7,000 students and 850 staff members, her mission is clear:…
-
Google Says Claims of Mass Gmail Security Breach Are ‘Entirely False’
Google has debunked the recent reports that it was alerting its billions of Gmail users to a security breach. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-gmail-security-breach-false-google/
-
Cloudflare Joins List of Salesloft Drift Breach Victims
Full Breach Scope Remains Unclear; Hundreds of Organizations Reportedly Affected. The scope of the Salesloft Drift data breach continues to expand, now counting Cloudflare, Zscaler, Palo Alto Networks as victims and what investigators say are many hundreds more organizations that connected their Salesforce, Google Workspace or other tools to Salesloft’s AI chatbot. First seen on…