Tag: google
-
Cloudflare Joins List of Salesloft Drift Breach Victims
Full Breach Scope Remains Unclear; Hundreds of Organizations Reportedly Affected. The scope of the Salesloft Drift data breach continues to expand, now counting Cloudflare, Zscaler, Palo Alto Networks as victims and what investigators say are many hundreds more organizations that connected their Salesforce, Google Workspace or other tools to Salesloft’s AI chatbot. First seen on…
-
Google addressed two Android flaws actively exploited in targeted attacks
Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks. Google has released security updates to address 120 Android vulnerabilities as part of Android Security Bulletin September 2025. Two of these vulnerabilities have been exploited in targeted attacks. >>There are indications that the following may be under limited, targeted […]…
-
Google addressed two Android flaws actively exploited in targeted attacks
Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks. Google has released security updates to address 120 Android vulnerabilities as part of Android Security Bulletin September 2025. Two of these vulnerabilities have been exploited in targeted attacks. >>There are indications that the following may be under limited, targeted […]…
-
When Google Says >>Scan for Secrets<<: A Complete Guide to Finding Hidden Credentials in Salesforce
The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data”, here’s your complete guide. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/when-google-says-scan-for-secrets-a-complete-guide-to-finding-hidden-credentials-in-salesforce/
-
Google patches two Android zero-days, 120 defects total in September security update
The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-september-2025/
-
Google fixes actively exploited Android flaws in September update
Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-android-flaws-in-september-update/
-
Indirect Prompt Injection Attacks Against LLM Assistants
Tags: attack, automation, control, data, disinformation, email, framework, google, injection, LLM, malicious, mitigation, mobile, phishing, risk, risk-assessment, threat, toolReally good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware”, maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of…
-
Namespace Reuse Vulnerability Exposes AI Platforms to Remote Code Execution
A newly discovered vulnerability in the AI supply chain”, termed Model Namespace Reuse”, permits attackers to achieve Remote Code Execution (RCE) across major AI platforms, including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. By re-registering abandoned or deleted model namespaces on Hugging Face, malicious actors can trick pipelines that fetch…
-
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.The vulnerabilities are listed below -CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel component CVE-2025-48543…
-
Google Avoids Chrome Breakup but Must Share Search Data With Competitors
The U.S. District Court for the District of Columbia today imposed landmark remedies in the Justice Department’s monopolization case against Google, ordering the tech giant to share critical search data with competitors and outlawing exclusive distribution agreements for its flagship products. The ruling stops short of forcing Google to divest its Chrome browser but mandates…
-
Chrome 140 Release Fixes Critical RCE Vulnerabilities
Tags: browser, chrome, cyber, google, linux, rce, remote-code-execution, update, vulnerability, windowsGoogle has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks. The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers several security fixes and improvements. A full list of changes is available in the Chromium log.…
-
Android droppers evolved into versatile tools to spread malware
Android droppers now spread banking trojans, SMS stealers, and spyware, disguised as government or banking apps in India and Asia. ThreatFabric researchers warn of a shift in Android malware: dropper apps now deliver not just banking trojans, but also SMS stealers and spyware, mainly in Asia. Google’s Pilot Program enhances Play Protect by scanning Android…
-
Google Cloud Cloudflare Missed 3-Year Phishing Campaign
An industrial-scale phishing campaign exploiting Google Cloud and Cloudflare infrastructure operated in plain sight for more than three years, targeting Fortune 500 companies and siphoning millions in potential revenue while evading detection. Deep Specter Research’s investigation reveals the depth of this willful blindness and its far-reaching consequences for brands, regulators, and end users. Google Cloud…
-
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach
In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies including Zscaler, Palo Alto Networks, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/02/zscaler-palo-alto-networks-spycloud-among-the-affected-by-salesloft-breach/
-
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach
In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies including Zscaler, Palo Alto Networks, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/02/zscaler-palo-alto-networks-spycloud-among-the-affected-by-salesloft-breach/
-
Cloudsysteme beteiligt: Cloudflare wehrt erneut RekordAngriff ab
Mit 11,5 Tbps war die Datenrate um etwa 57 Prozent höher als beim vorherigen DDoS-Rekord. Der Traffic kam unter anderem von Google Cloud. First seen on golem.de Jump to article: www.golem.de/news/cloudsysteme-beteiligt-cloudflare-wehrt-erneut-rekord-ddos-angriff-ab-2509-199739.html
-
How the generative AI boom opens up new privacy and cybersecurity risks
Privacy and cybersecurity risks: Another major problem lies in potential privacy and cybersecurity breaches, both for end users and for the companies themselves.Panda warns how AIs fed with large amounts of personal data can become a gateway to fraud or to create much more sophisticated and infallible attacks if they fall into the wrong hands.…
-
How the generative AI boom opens up new privacy and cybersecurity risks
Privacy and cybersecurity risks: Another major problem lies in potential privacy and cybersecurity breaches, both for end users and for the companies themselves.Panda warns how AIs fed with large amounts of personal data can become a gateway to fraud or to create much more sophisticated and infallible attacks if they fall into the wrong hands.…
-
How the generative AI boom opens up new privacy and cybersecurity risks
Privacy and cybersecurity risks: Another major problem lies in potential privacy and cybersecurity breaches, both for end users and for the companies themselves.Panda warns how AIs fed with large amounts of personal data can become a gateway to fraud or to create much more sophisticated and infallible attacks if they fall into the wrong hands.…
-
Android Issues Security Update to Patch Actively Exploited 0-Day Flaws
Google has released a criticalAndroid Security Bulletinfor September 2025, addressing multiple high-severity vulnerabilities that are currently being actively exploited in the wild. The security patch level2025-09-05or later is required to protect Android devices from these serious threats. The security bulletin reveals thattwo CVEs are under limited, targeted exploitation, making this update particularly urgent for Android…
-
Android Issues Security Update to Patch Actively Exploited 0-Day Flaws
Google has released a criticalAndroid Security Bulletinfor September 2025, addressing multiple high-severity vulnerabilities that are currently being actively exploited in the wild. The security patch level2025-09-05or later is required to protect Android devices from these serious threats. The security bulletin reveals thattwo CVEs are under limited, targeted exploitation, making this update particularly urgent for Android…
-
Hackers Turn Personal: Scattered LapSus Hunters Demand Google Sack Employees
A hacker collective identifying itself as the Scattered LapSus Hunters has issued a direct threat to Google, demanding the termination of two of the company’s security employees. The group claims it will leak internal data unless Google complies. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hacker-collective-threatens-google/
-
Hackers Turn Personal: Scattered LapSus Hunters Demand Google Sack Employees
A hacker collective identifying itself as the Scattered LapSus Hunters has issued a direct threat to Google, demanding the termination of two of the company’s security employees. The group claims it will leak internal data unless Google complies. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hacker-collective-threatens-google/
-
Desaster Salesloft / Salesforce-Hack: Google, Cloudflare Co. unter den Opfern
Tags: googleIm August 2025 ist es Angreifern gelungen, in die Drift-Salesforce-Integration von Salesloft einzudringen, um Daten wie AWS-Schlüssel und Snowflake-Tokens zu stehlen. Mit beteiligt wohl ZScaler. Und nun werden immer mehr Opfer (Google, Cloudflare etc.) bekannt. Hier ein kleiner Überblick, das … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/03/desaster-salesloft-salesforce-hack-google-cloudflare-co-unter-den-opfern/
-
TDL 002 – Defending the DNS: How Quad9 Protects the Internet with John Todd
Tags: access, apple, attack, business, china, ciso, communications, control, country, crime, cyber, cybersecurity, data, defense, dns, email, encryption, firewall, google, ibm, india, infrastructure, intelligence, Internet, jobs, law, malicious, malware, network, phishing, privacy, service, strategy, technology, threat, tool, zero-trustSummary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free, global recursive DNS resolver that blocks malicious domains. Todd emphasizes that Quad9’s success is a…
-
Google Says Claims of Mass Gmail Security Breach Are “Entirely False”
Google has debunked the recent reports that it was alerting its billions of Gmail users to a security breach. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-gmail-security-breach-false-google/
-
Zscaler latest victim of Salesloft Drift attacks, customer data exposed
Joins Google, Palo Alto Networks in the ever-growing supply chain compromise First seen on theregister.com Jump to article: www.theregister.com/2025/09/02/zscaler_customer_data_drift_compromise/
-
Cloudflare blocked a record 11.5 Tbps DDoS attack
Cloudflare blocked a record 11.5 Tbps DDoS attack, a UDP flood from Google Cloud, part of weeks-long assault waves. Cloudflare announced on X that it had blocked the largest ever DDoS attack, peaking at 11.5 Tbps. The UDP flood, mainly from Google Cloud, was part of a wave of attacks that lasted several weeks. Cloudflare…