Tag: google
-
Android malware Anatsa infiltrates Google Play to target US banks
The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-malware-anatsa-infiltrates-google-play-to-target-us-banks/
-
Malicious Chrome extensions with 1.7M installs found on Web Store
Almost a dozen malicious extensions with 1.7 million downloads in Google’s Chrome Web Store could track users, steal browser activity, and redirect to potentially unsafe web addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-chrome-extensions-with-17m-installs-found-on-web-store/
-
Chrome Store Features Extension Poisoned With Sophisticated Spyware
A color picker for Google’s browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chrome-store-features-extension-poisoned-sophisticated-spyware
-
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
Tags: browser, chrome, cisa, cve, cybersecurity, exploit, flaw, google, infrastructure, kev, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is…
-
July 2025 Patch Tuesday forecast: Take a break from the grind
There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/07/july-2025-patch-tuesday-forecast/
-
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/06/week-in-review-sudo-local-privilege-escalation-flaws-fixed-google-patches-actively-exploited-chrome/
-
Google’s AI video maker Veo 3 is now available via $20 Gemini
Google says Veo 3, which is the company’s state-of-the-art video generator, is now shipping to everyone using the Gemini app with a $20 subscription. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/googles-ai-video-maker-veo-3-is-now-available-via-20-gemini/
-
Google fined $314M for misusing idle Android users’ data
Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019. A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California. Google is liable for…
-
Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users
HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ screens with out-of-context ads while employing cunning tactics to hide app icons and obscure…
-
Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users’ cellular data when they were idle to passively send information to the company.The verdict marks an end to a legal class-action complaint that was originally filed in August 2019.In their…
-
Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users’ cellular data when they were idle to passively send information to the company.The verdict marks an end to a legal class-action complaint that was originally filed in August 2019.In their…
-
Google open-sources privacy tech for age verification
Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/google-zero-knowledge-proofs-zkp/
-
GerriScary: Tenable entdeckt Supply-Chain-Schwachstelle in beliebten Google Projekten
GerriScary zeigt deutlich, warum proaktive Sicherheit unverzichtbar ist. In zunehmend komplexen IT-Umgebungen müssen Security-Teams Schwachstellen frühzeitig erkennen und beheben, damit Angreifer erst gar nicht die Chance haben, sie auszunutzen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/gerriscary-tenable-entdeckt-supply-chain-schwachstelle-in-beliebten-google-projekten/a41286/
-
California jury orders Google to pay $314 million over data transfers from Android phones
Google’s data transfers from idle Android phones on cellular networks essentially amounted to stealing, lawyers alleged in a class-action case where a jury awarded $314 million to plaintiffs. Google said it will appeal. First seen on therecord.media Jump to article: therecord.media/google-lawsuit-data-collection-android-cellular
-
Vulnerable Protection Relays Put Power Grid at Risk
Google’s Mandiant Warns About Remote Attacks Disrupting Grid Stability. Vulnerabilities in networked devices programmed to instantaneously trip power grid substation circuit breakers could be the means hackers use to cause the next blackout, warn researchers. There are systemic patterns across substations, utilities and industrial sites worldwide, Mandiant warned. First seen on govinfosecurity.com Jump to article:…
-
Google fixes type confusion flaw in Chrome browser
An actively exploited type confusion vulnerability in the Google Chrome web browser needs immediate attention from users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366626960/Google-fixes-type-confusion-flaw-in-Chrome-browser
-
Auf der Suche nach Alternativen zum CVE-Programm
Tags: advisory, ceo, cisa, cve, cvss, cyber, cyersecurity, exploit, github, google, group, infrastructure, intelligence, kev, microsoft, nist, nvd, open-source, oracle, ransomware, resilience, risk, siem, soar, software, supply-chain, threat, tool, update, vulnerability, vulnerability-management, zero-daySollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger.Der jüngste kurze Panikausbruch wegen der möglichen Einstellung des Common Vulnerabilities and Exposures (CVE)-Programms hat die starke Abhängigkeit der Sicherheitsbranche von diesem Programm deutlich gemacht. Er führte zu Diskussionen über Notfallstrategien , falls das standardisierte System zur Identifizierung und Katalogisierung von Schwachstellen nicht…
-
CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit exists in the wild. Google released security patches to address a Chrome vulnerability, tracked as CVE-2025-6554, for which an exploit is available in the wild. >>Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker…
-
Google Issues Emergency Patch for Fourth Chrome Zero-Day of 2025
Google has patched a critical type confusion vulnerability in Chrome, the fourth zero-day fix in 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-patch-chrome-zero-day/
-
GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI
Germany asked Google and Apple to remove DeepSeek AI from their app stores, citing GDPR violations over unlawful data collection and transfers to China. The Berlin Commissioner for Data Protection requested Google and Appleto remove the DeepSeek AI app from their app stores due to GDPR violations. On May 6, 2025, Berlin’s Data Protection Commissioner…
-
Chrome Zero-Day CVE-2025-6554 Under Active Attack, Google Issues Security Update
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.”Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a…
-
Etsy Stops Unwanted Traffic Reduces Computing Costs with DataDome Google
Discover how Etsy reduced bot traffic, cut computing costs, and protected user experience by integrating DataDome’s AI-powered bot protection with Google Cloud. A smart move for scale and savings. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/etsy-stops-unwanted-traffic-reduces-computing-costs-with-datadome-google/
-
Google fixes fourth actively exploited Chrome zero-day of 2025
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025/
-
Google patches actively exploited Chrome (CVE”‘2025″‘6554)
Google has released a security update for Chrome to address a zero”‘day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/google-patches-actively-exploited-chrome-cve-2025-6554/
-
New C4 Bomb Attack Breaks Through Chrome’s AppBound Cookie Protections
Tags: attack, breach, browser, chrome, credentials, cyber, cybersecurity, data, encryption, google, risk, theftCybersecurity researchers have unveiled a new attack”, dubbed the “C4 Bomb” (Chrome Cookie Cipher Cracker)”, that successfully bypasses Google Chrome’s much-touted AppBound Cookie Encryption. This breakthrough exposes millions of users to renewed risks of cookie theft, credential compromise, and potential data breaches, despite Google’s recent efforts to harden Chrome against infostealer malware. AppBound Cookie Encryption…
-
Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine.”Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a…
-
Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code
Google has issued an urgent security update for its Chrome browser, addressing a critical zero-day vulnerability that is being actively exploited by attackers. The flaw, tracked asCVE-2025-6554, is atype confusionvulnerability in Chrome’s V8 JavaScript engine, which underpins the browser’s ability to process web content across Windows, macOS, and Linux platforms. The vulnerability was discovered by…
-
Germany asks Google, Apple to remove DeepSeek AI from app stores
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/germany-asks-google-apple-remove-deepseek-ai-from-app-stores/
-
Germany asks Google, Apple remove DeepSeek AI from app stores
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/germany-asks-google-apple-remove-deepseek-ai-from-app-stores/