Tag: google

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

Jun 3, 2025 6:54 AM

Tags: browser, chrome, cve, exploit, flaw, google, update, vulnerability, zero-day

Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.”Out of bounds…
Qualcomm Fixes Three Adreno GPU Flaws Abused in Android Attacks

Jun 2, 2025 11:54 PM

Tags: android, attack, exploit, flaw, google, intelligence, threat, vulnerability, zero-day

Qualcomm issued patches for three zero-day vulnerabilities in its Adreno GPUs that Google threat intelligence researchers said were being exploited in “limited, targeted” attacks against Android devices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/qualcomm-fixes-three-adreno-gpu-flaws-abused-in-android-attacks/
Getting the Most Value Out of the OSCP: After the Exam

Jun 2, 2025 10:54 PM

Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows

In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August

Jun 2, 2025 7:54 PM

Tags: browser, chrome, compliance, google

Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-to-distrust-chunghwa-telecom-netlock-certificates-in-august/
Qualcomm fixed three zero-days exploited in limited, targeted attacks

Jun 2, 2025 6:54 PM

Tags: android, attack, cve, exploit, google, update, vulnerability, zero-day

Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues, tracked as CVE-2025-21479, CVE-2025-21480,…
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Jun 2, 2025 5:54 PM

Tags: android, attack, cve, exploit, flaw, google, update, vulnerability, zero-day

Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below -CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities in the…
Google Launches AI Edge Gallery App for Local AI Model Execution

Jun 2, 2025 4:54 PM

Tags: ai, google, privacy

Google AI Edge Gallery app, enabling on-device AI processing for enhanced privacy and performance. Try it today! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/google-launches-ai-edge-gallery-app-for-local-ai-model-execution/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 47

Jun 1, 2025 3:55 PM

Tags: data, google, international, leak, malicious, malware, network, powershell, russia

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents Inside a VenomRAT Malware Campaign Fake Google Meet Page Tricks Users into Running PowerShell Malware…
Meta AI hat Gemini als datenhungrigsten Chatbot abgelöst

Jun 1, 2025 5:55 AM

Tags: ai, google

Google Gemini hat abgedankt. Meta hat kürzlich seine Chatbot-App Meta AI vorgestellt, die als neuer Datenkönig gilt. Laut einer Studie des Cybersicherheitsunternehmens Surfshark sammelt Meta AI Nutzerdaten wie niemand zuvor [1]. Dieser Chatbot übertrifft alle anderen analysierten Chatbots, da er 32 von 35 Datentypen erfasst, was mehr als doppelt so viel ist wie der Durchschnitt….…
Credential phishing facilitated by Google Apps Script exploitation

May 30, 2025 10:55 PM

Tags: credentials, exploit, google, phishing

First seen on scworld.com Jump to article: www.scworld.com/brief/credential-phishing-facilitated-by-google-apps-script-exploitation
Threat Actors Exploit Google Apps Script to Host Phishing Sites

May 30, 2025 5:55 PM

Tags: attack, cyber, defense, email, exploit, google, phishing, threat

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google Apps Script a legitimate development platform within Google’s ecosystem to host deceptive phishing pages. This attack, masquerading as an invoice email, exploits the inherent trust users place in Google’s trusted environment to trick recipients into divulging sensitive information. A Sophisticated…
New Rust-Based InfoStealer Uses Fake CAPTCHA to Deliver EDDIESTEALER

May 30, 2025 10:55 AM

Tags: captcha, cyber, data, google, malicious, powershell, rust, social-engineering, windows

A newly discovered Rust-based infostealer, dubbed EDDIESTEALER, has been uncovered by Elastic Security Labs, spreading through a sophisticated social engineering tactic involving fake CAPTCHA verification pages. Mimicking legitimate CAPTCHA systems like Google’s reCAPTCHA, these malicious prompts deceive users into executing harmful PowerShell scripts, ultimately deploying the infostealer on Windows systems to harvest sensitive data such…
Warning: Threat actors now abusing Google Apps Script in phishing attacks

May 30, 2025 5:55 AM

Tags: access, attack, awareness, cloud, communications, control, credentials, defense, email, google, login, malicious, microsoft, password, phishing, service, tactics, threat, tool, training

script[.]google[.]com. The attacker is betting the user will see and trust the Google brand, and therefore trust the content.”By using a trusted platform to host the phishing page, the threat actor creates a false sense of security, obscuring the underlying threat with the goal of getting the recipient to enter their email and password without…
APT41 Uses Google Calendar as Covert C2 in Stealthy Cyberespionage Campaign

May 30, 2025 5:55 AM

Tags: cloud, cyberespionage, google, group, intelligence, service, threat

In an example of cloud service abuse, Google Threat Intelligence Group (GTIG) has uncovered a new APT41 campaign First seen on securityonline.info Jump to article: securityonline.info/apt41-uses-google-calendar-as-covert-c2-in-stealthy-cyberespionage-campaign/
APT41 Uses Google Calendar Events for C2

May 30, 2025 12:55 AM

Tags: china, control, google, infrastructure, threat

APT41, a Chinese state-sponsored threat actor also known as Double Dragon, used Google Calendar as command-and-control infrastructure during a campaign last fall. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/apt41-uses-google-calendar-events-c2
Breach Roundup: Spanish Hacker Alcasec Back in the Jailhouse

May 29, 2025 10:55 PM

Tags: breach, china, google, hacker, microsoft, scam, update

Also, Stolen Cookies for Sale, LexisNexis Breach and an FBI Warning. This week, Alcasec back in a Spanish jail, billions of stolen cookies and Chinese hackers used Google Calendar. LexisNexis and Adidas had breaches, a vishing warning from the FBI. ClickFix scammers used fake Google Meet pages, Victoria’s Secret went offline. Microsoft will update all…
Google Calendar-exploiting APT41 attack campaign disrupted

May 29, 2025 9:55 PM

Tags: attack, exploit, google

First seen on scworld.com Jump to article: www.scworld.com/brief/google-calendar-exploiting-apt41-attack-campaign-disrupted
Threat actors abuse Google Apps Script in evasive phishing attacks

May 29, 2025 6:55 PM

Tags: attack, google, phishing, risk, threat

Threat actors are abusing the trusted Google platform ‘Google Apps Script’ to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks/
China-backed hackers hiding malware in calendar events

May 29, 2025 5:55 PM

Tags: china, cloud, exploit, google, group, hacker, malware, service, threat

The APT41 nation-state threat group is exploiting yet another cloud service to mask its operations, according to new research. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-hackers-google-calendar-events-research/749290/
Google co-founder Sergey Brin suggests threatening AI for better results

May 29, 2025 5:55 PM

Tags: ai, chatgpt, google

So much for buttering up ChatGPT with ‘Please’ and ‘Thank you’ First seen on theregister.com Jump to article: www.theregister.com/2025/05/28/google_brin_suggests_threatening_ai/
China-linked hackers exploit Google Calendar in cyberattacks on governments

May 29, 2025 3:55 PM

Tags: china, cyber, cyberattack, espionage, exploit, google, government, hacker, intelligence, threat

Google Threat Intelligence spotted the China-based operation known as APT41 leveraging the company’s own Calendar app as part of a cyber-espionage campaign. First seen on therecord.media Jump to article: therecord.media/china-linked-apt41-exploits-google-calendar-in-cyberattacks
China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

May 29, 2025 2:55 PM

Tags: china, control, exploit, google, government, group, malware

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website.
New ChoiceJacking Exploit Targets Android and iOS via Infected Charging Ports

May 29, 2025 11:55 AM

Tags: android, apple, attack, cyber, cybersecurity, exploit, google, mobile, technology, threat

A team of cybersecurity researchers from the Institute of Information Security and A-SIT Secure Information Technology Centre Austria has unveiled a new class of USB-based attacks on mobile devices, dubbed “ChoiceJacking.” This attack revives and surpasses the notorious “juice jacking” threat from a decade ago, which prompted Apple and Google to introduce user confirmation prompts…
Chinese APT41 Exploits Google Calendar for Malware CommandControl Operations

May 29, 2025 9:55 AM

Tags: china, cloud, control, exploit, google, government, malware, threat

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities.”Misuse of…
APT Hackers Turn Google Calendar Into Command Hub Using TOUGHPROGRESS Malware, Google Alerts

May 29, 2025 9:55 AM

Tags: apt, control, cyber, exploit, google, government, group, hacker, intelligence, malware, threat

Google Threat Intelligence Group (GTIG), a sophisticated malware campaign dubbed >>TOUGHPROGRESS
APT41 malware abuses Google Calendar for stealthy C2 communication

May 29, 2025 12:55 AM

Tags: china, cloud, control, google, group, hacking, malicious, malware

The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt41-malware-abuses-google-calendar-for-stealthy-c2-communication/
Chinese hackers used Google Calendar to aid attacks on government entities

May 28, 2025 9:55 PM

Tags: attack, china, google, government, group, hacker, intelligence, threat

Google Threat Intelligence Group said it developed means to counter the activity, which it linked to APT41. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-calendar-apt-41-c2-winnti/
Instagram Boss Warns of ‘Sophisticated’ Google Phishing Scam

May 28, 2025 9:55 PM

Tags: google, phishing, scam

Instagram head Adam Mosseri nearly fell for a convincing phishing scam posing as Google. Learn how attackers use real domains”, and how to stay safe. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/instagram-boss-google-phishing/
If you use OneDrive to upload files to ChatGPT or Zoom, don’t

May 28, 2025 3:55 PM

Tags: access, api, chatgpt, compliance, corporate, cybersecurity, data, google, governance, least-privilege, microsoft, mitigation, risk, saas, security-incident, service, strategy, threat, tool

Web app vendors aren’t off the hook: This could be bad news for security teams, according to Eric Schwake, director of cybersecurity strategy at Salt Security. “Sensitive secrets required for this access are often stored in an insecure manner by default,” Schwake said. “This situation presents a key API security challenge for security teams, and…
Google warns of Vietnam-based hackers using bogus AI video generators to spread malware

May 28, 2025 3:55 PM

Tags: ai, google, hacker, malware, mandiant, tool

Hackers likely based in Vietnam advertised websites offering AI-powered video generation tools, according to Google’s Mandiant unit, and then used the sites to spread infostealers and other malware. First seen on therecord.media Jump to article: therecord.media/malvertising-vietnam-hackers-fake-ai-video-generators