Tag: google
-
PoC Exploit Published for Chrome 0-Day Already Under Active Attack
A proof-of-concept exploit for a high-severity Google Chrome zero-day vulnerability has been published publicly, less than three months after the flaw was first disclosed, amid reports of active in-the-wild exploitation. The vulnerability, tracked as CVE-2025-5419, stems from out-of-bounds reads and writes in Chrome’s V8 JavaScript engine, affecting versions prior to 137.0.7151.68 and opening the door…
-
Banking-Trojaner und mehr: Android-Malware millionenfach über Google Play verteilt
Forscher haben im Google Play Store 77 Android-Apps entdeckt, die eine gefährliche Malware nachladen. Letztere zielt auch auf deutsche Nutzer ab. First seen on golem.de Jump to article: www.golem.de/news/banking-trojaner-und-mehr-android-malware-millionenfach-ueber-google-play-verteilt-2508-199521.html
-
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats in Southeast Asia alongside global entities, employing advanced tactics such as adversary-in-the-middle (AitM) attacks, captive…
-
ID-Pflicht für Android-Entwickler
Wer Apps für Google-zertifizierte Android-Geräte entwickelt, muss bald einen Identifikationsnachweis liefern – auch für Apps abseits des Play Stores. First seen on golem.de Jump to article: www.golem.de/news/google-id-pflicht-fuer-android-entwickler-2508-199513.html
-
Shadow AI is surging, getting AI adoption right is your best defense
Why most organizations fail at phase one: Despite the clarity of this progression, many organizations struggle to begin. One of the most common reasons is poor platform selection. Either no tool is made available, or the wrong class of tool is introduced. Sometimes what is offered is too narrow, designed for one function or team.…
-
Malware-ridden apps made it into Google’s Play Store, scored 19 million downloads
Everything’s fine, the ad slinger assures us First seen on theregister.com Jump to article: www.theregister.com/2025/08/26/apps_android_malware/
-
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store.”Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” the company said. “This creates crucial…
-
ThreatActors Leverage Google Classroom to Target 13,500 Organizations
Google Classroom, a popular educational platform, has been exploited by threat actors to launch a major phishing campaign in a complex operation discovered by Check Point researchers. Over a single week from August 6 to August 12, 2025, attackers disseminated more than 115,000 malicious emails across five coordinated waves, targeting approximately 13,500 organizations globally. These…
-
Russia weighs Google Meet ban as part of foreign tech crackdown
A senior Russian official said the government is considering blocking the video conferencing service Google Meet after brief disruptions in the country late last week. First seen on therecord.media Jump to article: therecord.media/russia-google-meet-ban-crackdown
-
Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
Beware! Google Ads Promote Fake Tesla Websites Soliciting Fraudulent Deposits
Scammers are using Google Ads to pose as Tesla in an elaborate cybercrime campaign that aims to obtain illicit preorders for the company’s unreleased Optimus humanoid robot and other items. These deceptive sponsored listings appear prominently in search results for terms like >>Optimus Tesla preorder,
-
Beware! Google Ads Promote Fake Tesla Websites Soliciting Fraudulent Deposits
Scammers are using Google Ads to pose as Tesla in an elaborate cybercrime campaign that aims to obtain illicit preorders for the company’s unreleased Optimus humanoid robot and other items. These deceptive sponsored listings appear prominently in search results for terms like >>Optimus Tesla preorder,
-
Malicious Android apps with 19M installs removed from Google Play
Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/
-
Fake Google Play Store Websites Deliver Potent RAT to Steal Sensitive Data
Cybersecurity researchers have uncovered a persistent campaign deploying the AndroidOS SpyNote malware, a sophisticated Remote Access Trojan (RAT) designed for surveillance, data exfiltration, and remote device control. This operation mimics legitimate Google Play Store pages for popular Android apps, tricking users into downloading malicious APK files. The campaign, linked to the same threat actor previously…
-
Phishing über Google-Classroom mit 115000 E-Mails an 13500 Organisationen
Check Point Software Technologies hat eine groß angelegte Phishing-Kampagne aufgedeckt, die Google-Classroom missbraucht und noch aktiv ist. Millionen von Lehrern und Schülern weltweit nutzen die Plattform zur Bereitstellung von Leistungsnachweisen, Schulaufgaben und Lehrmaterial. Innerhalb von nur einer Woche starteten die Angreifer fünf koordinierte Wellen und versendeten mehr als 115 000 Phishing-E-Mails an 13 500 Organisationen…
-
Chrome-Erweiterung FreeVPN.One zeichnete Screenshots von Seitenbesuchen auf
Wer bisher glaubte, dass Microsofts Recall in Punkto Überwachung an der Spitze liegt, muss umdenken. Sicherheitsforscher sind auf die Erweiterung FreeVPN.One des Google Chrome-Browsers gestoßen. Diese fertigte Screenshots von allen besuchten Seiten an und sammelte weitere Daten. Die Erweiterung ist … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/24/chrome-erweiterung-freevpn-one-zeichnet-screenshots-von-seitenbesuchen-auf/
-
US Government Seeks Medical Records of Trans Youth
Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere. First seen on wired.com Jump to article: www.wired.com/story/us-government-seeks-medical-records-of-trans-youth/
-
FydeOS offers ChromeOS without the Google strings attached
Fork runs Android apps and keeps old PCs ticking over … all without signing into an account with the mothership First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/fydeos_chromiumos_degoogled/
-
Short circuit: Electronics supplier to tech giants suffers ransomware shutdown
Amazon, Apple, Google, and Microsoft among major customers First seen on theregister.com Jump to article: www.theregister.com/2025/08/22/data_io_ransomware_attack_temporarily/
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCheck out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
Google Cloud erweitert den Schutz der KI-Agenten
Um KI-Agenten noch umfassender zu schützen, stellt Google Cloud nun drei neue Funktionen vor, die Unternehmen dabei unterstützen, Agentic AI in Google Agentspace und Google Agent Builder abzusichern. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/google-cloud-erweitert-den-schutz-der-ki-agenten/a41766/
-
Honey, I shrunk the image and now I’m pwned
Google’s Gemini-powered tools tripped up by image-scaling prompt injection First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/google_gemini_image_scaling_attack/
-
Cryptohack Roundup: New York Man, Firm to Pay $228M in Ponzi Scheme
Also: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans. This week, a Ponzi scammer must pay $228 million, Google clarified Play Store non-custodial wallet rules, Coinbase misconfiguration, GMX repayment, BtcTurk halted transfers, bank groups wrote lawmakers. Prosecutors seized funds. The Federal Reserve ended a special oversight program. Hong Kong published new rules. First seen on govinfosecurity.com…
-
Google Cloud Unveils AI Ally to Boost Security Defenses
Google Cloud unveils new AI-driven security tools to protect AI agents, strengthen defenses, and shape the future of cybersecurity operations First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/google-unveils-ai-security-tools/
-
Google yet to take down ‘screenshot-grabbing’ Chrome VPN extension
Researcher claims extension didn’t start out by exfiltrating info… while dev says its actions are ‘compliant’ First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/freevpn_privacy_research/
-
Datenleck bei Grok: Hunderttausende private KI-Chats im Netz
Elon Musks Chatbot Grok macht Nutzergespräche über Google auffindbar – darunter Anleitungen für Drogen und Bomben. First seen on golem.de Jump to article: www.golem.de/news/datenleck-bei-grok-hunderttausende-private-ki-chats-im-netz-2508-199380.html
-
Gemini AI Vulnerable to Calendar-Based Hack: What is Google’s Mitigation Approach?
Hidden prompts in Google Calendar events can trick Gemini AI into executing malicious commands via indirect prompt injection. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-gemini-indirect-prompt-injection-attack/