Tag: google
268 articles

three new malware families: Exclusive Critical Threat
Heads-up: Google TAG says Russia-linked COLDRIVER has churned out three new malware families and is retooling them within days—an accelerated development pace that makes signature-based defenses brittle and raises the urgency for MFA, behavior-based EDR, and proactive threat hunting.

EtherHiding in smart contracts: Exclusive Critical Threat
Imagine the smart contracts you trust quietly carrying malware — researchers say a North Korean‑linked group used a new EtherHiding trick to embed and trigger malicious payloads in blockchain contracts. Defenders now need to move beyond static code checks and adopt runtime monitoring to stop these covert distribution channels before they steal funds.

trusted contacts: Must-Have Best Fix for Gmail Lockouts
Google now lets you name trusted contacts to help recover your Gmail when phones, backup emails, or hardware keys fail. It’s a handy way to avoid long lockouts—just choose people you truly trust.

machine learning and generative AI: Must-Have Cyber Risks
When a single ransomware strike toppled 158‑year‑old Passwork KNP and put 700 people out of work, it exposed how machine learning and generative AI have made powerful cyberattacks cheap and easy; consider this a wake‑up call to harden defenses, test backups, and treat cyber risk as core operational priority.

Microsoft 365 Education Risky: Stunning GDPR Alert
An Austrian regulator has ruled Microsoft 365 Education illegally tracked pupils, a landmark GDPR decision that could force cloud giants to adopt privacy-by-default settings and clarify who’s truly responsible for protecting kids’ data. Parents and schools deserve tools that safeguard students without breaking classroom tech.

AI Vulnerability Reward Program: Exclusive $30K Best Win
Google’s new AI Vulnerability Reward Program offers up to $30,000 to researchers who responsibly report model flaws — a smart, practical move to incentivize fixes, curb abuse, and make AI safer for everyone.

Oracle E-Business Suite Risky: Must-Have Breach Guide
Google’s Threat Analysis Group says the Clop ransomware gang accessed a large volume of data from Oracle E-Business Suite — a wake-up call for any org that hasn’t checked who holds the keys to its crown jewels. Now’s the time to hunt for shadow EBS instances, tighten access, and patch or segment vulnerable systems before attackers turn stolen data into extortion.

Oracle E-Business Suite: Stunning Critical Breach Risk
A zero-day in Oracle E-Business Suite, actively exploited by CL0P since Aug. 9, 2025, likely hit dozens of organizations and put payroll, financial and HR data at risk. Security teams and leaders are racing to contain the damage, patch systems and lock down access before attackers strike again.

free VPN apps: Risky Secrets & Must-Have Warning
Think “free VPN” means safe? A Zimperium study shows many no-cost VPN apps harbor serious flaws that can leak your data or let attackers intercept traffic — so choose reputable, audited services or risk trading privacy for peril.

Clop ransomware: Exclusive Risky Extortion Alert
Extortion emails claiming stolen Oracle E‑Business Suite data are rattling execs — but Google and Mandiant say they’ve found no proof, leaving companies stuck between precaution and panic. The result: tough choices about trust, disclosure and whether to pay up for silence when the evidence is murky.

AI detection layer: Must-Have Shield or Risky Hype
Google’s new AI-powered Drive feature pauses desktop sync when it spots suspicious file activity to curb ransomware spread — a smart last line of defense that buys IT teams time, but experts warn it’s a helpful stopgap, not a silver bullet against determined attackers.

log-to-prompt injection: Risky Gemini Flaw Exposed
Researchers uncovered three now-patched Gemini vulnerabilities that could let attackers use prompt- and log‑injection tricks to expose personal and corporate data — a stark reminder that AI conveniences like personalization and logging can become dangerous attack surfaces.

indirect prompt injection: Stunning Risk Exposed
A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

BRICKSTORM backdoor: Stunning Dangerous Threat Exposed
BRICKSTORM is a stealthy backdoor tied to a Chinese‑aligned group that quietly harvests telemetry to help build and refine zero‑day exploits—what looks like a low‑impact intrusion today could be tomorrow’s weapon. Security teams should hunt, patch, and harden now before collected data is turned into lasting capability.

Google Threat Intelligence: Exclusive Risky 393-Day Breach
Google says China-linked attackers have quietly lived inside many enterprise networks since March — an average of 393 days — installing persistent backdoors and exfiltrating sensitive IP. The takeaway: tighten access, boost detection, and treat long dwell times as an urgent business and security priority.

Chrome zero-day: Must-Have Critical Fixes
From a Chrome zero-day and AI-sped exploit tooling to an npm worm and unsettling DDR5 quirks, this week’s incidents prove attackers are iterating faster than fixes—so prioritize automated patching, supply-chain hygiene, and layered defenses before the next flaw becomes a blueprint.

AI agents: Must-Have Best Practices for Security
You likely have forgotten service accounts, API keys, and AI agents running everywhere that quietly widen your attack surface — but with a clear inventory, short‑lived credentials, and assigned ownership you can start regaining control. Begin small: catalog a critical app, enforce least privilege, and measure detection and remediation to prove the approach scales.

Chrome 0-day Emergency: Must-Fix for Risky Flaw
Google just pushed an emergency Chrome patch for a high‑severity zero‑day being actively exploited — please check your Chrome version and update now. This is the latest in a string of browser flaws that remind users and admins alike to stay vigilant and tighten protections.

hardcoded secrets: Stunning Risky Mobile Crisis
One in three Android apps — and over half of iOS apps — are leaking sensitive data through insecure APIs and hardcoded secrets, putting your personal info and company systems at risk. Luckily, with smarter developer practices, better tooling and a few simple precautions, we can close those easy doors before attackers walk through.

Rowhammer vulnerability: Stunning DDR5 Security Risk
Researchers from Google Project Zero and ETH Zurich have uncovered a new Rowhammer-style flaw that can bypass DDR5 protections on certain AMD + SK Hynix combos, potentially letting attackers flip or read memory beyond intended bounds. If you run affected hardware, keep an eye on vendor advisories and apply firmware or microcode updates as they become available.

Law Enforcement Request System: Stunning Risky Breach
Google just revealed that criminals created a fraudulent account in its Law Enforcement Request System (LERS), exposing a worrying gap in the trusted channel police and courts use to obtain sensitive user data. The incident sparks a necessary push to tighten verification, protect investigations, and rebuild public confidence in the systems meant to keep us safe.

phishing-as-a-service: Stunning Risky Threat
Think a thief who never touches the lock — VoidProxy is a phishing-as-a-service that intercepts live logins, relays MFA and session tokens in real time, and lets attackers quietly hijack Microsoft and Google accounts. Learn why layered defenses, hardware-backed keys, and session risk detection are now essential to stop these fast, stealthy takeovers.

Salesloft GitHub repository Massive Risky Breach
A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

GPUGate malware: Exclusive Risky Search-Ad Campaign
Think twice before clicking that top search result—new GPUGate malvertising buys Google Ads and even fakes GitHub commit hashes to push trojanized installers that look legit. Protect yourself by sticking to official project pages, verifying signatures, and avoiding downloads from ad links.