Skip to main content

Tag: google

268 articles

three new malware families: Exclusive Critical Threat

three new malware families: Exclusive Critical Threat

Heads-up: Google TAG says Russia-linked COLDRIVER has churned out three new malware families and is retooling them within days—an accelerated development pace that makes signature-based defenses brittle and raises the urgency for MFA, behavior-based EDR, and proactive threat hunting.

Analyst 207
EtherHiding in smart contracts: Exclusive Critical Threat

EtherHiding in smart contracts: Exclusive Critical Threat

Imagine the smart contracts you trust quietly carrying malware — researchers say a North Korean‑linked group used a new EtherHiding trick to embed and trigger malicious payloads in blockchain contracts. Defenders now need to move beyond static code checks and adopt runtime monitoring to stop these covert distribution channels before they steal funds.

Analyst 207
Person locked out of sleek glass door, surrounded by padlocks, with hopeful light in background and trusted friend holding…

trusted contacts: Must-Have Best Fix for Gmail Lockouts

Google now lets you name trusted contacts to help recover your Gmail when phones, backup emails, or hardware keys fail. It’s a handy way to avoid long lockouts—just choose people you truly trust.

Analyst 207
machine learning and generative AI: Must-Have Cyber Risks

machine learning and generative AI: Must-Have Cyber Risks

When a single ransomware strike toppled 158‑year‑old Passwork KNP and put 700 people out of work, it exposed how machine learning and generative AI have made powerful cyberattacks cheap and easy; consider this a wake‑up call to harden defenses, test backups, and treat cyber risk as core operational priority.

Analyst 207
Microsoft 365 Education Risky: Stunning GDPR Alert

Microsoft 365 Education Risky: Stunning GDPR Alert

An Austrian regulator has ruled Microsoft 365 Education illegally tracked pupils, a landmark GDPR decision that could force cloud giants to adopt privacy-by-default settings and clarify who’s truly responsible for protecting kids’ data. Parents and schools deserve tools that safeguard students without breaking classroom tech.

Analyst 207
AI Vulnerability Reward Program: Exclusive $30K Best Win

AI Vulnerability Reward Program: Exclusive $30K Best Win

Google’s new AI Vulnerability Reward Program offers up to $30,000 to researchers who responsibly report model flaws — a smart, practical move to incentivize fixes, curb abuse, and make AI safer for everyone.

Analyst 207
Oracle E-Business Suite Risky: Must-Have Breach Guide

Oracle E-Business Suite Risky: Must-Have Breach Guide

Google’s Threat Analysis Group says the Clop ransomware gang accessed a large volume of data from Oracle E-Business Suite — a wake-up call for any org that hasn’t checked who holds the keys to its crown jewels. Now’s the time to hunt for shadow EBS instances, tighten access, and patch or segment vulnerable systems before attackers turn stolen data into extortion.

Analyst 207
Oracle E-Business Suite: Stunning Critical Breach Risk

Oracle E-Business Suite: Stunning Critical Breach Risk

A zero-day in Oracle E-Business Suite, actively exploited by CL0P since Aug. 9, 2025, likely hit dozens of organizations and put payroll, financial and HR data at risk. Security teams and leaders are racing to contain the damage, patch systems and lock down access before attackers strike again.

Analyst 207
free VPN apps: Risky Secrets & Must-Have Warning

free VPN apps: Risky Secrets & Must-Have Warning

Think “free VPN” means safe? A Zimperium study shows many no-cost VPN apps harbor serious flaws that can leak your data or let attackers intercept traffic — so choose reputable, audited services or risk trading privacy for peril.

Analyst 207
Clop ransomware: Exclusive Risky Extortion Alert

Clop ransomware: Exclusive Risky Extortion Alert

Extortion emails claiming stolen Oracle E‑Business Suite data are rattling execs — but Google and Mandiant say they’ve found no proof, leaving companies stuck between precaution and panic. The result: tough choices about trust, disclosure and whether to pay up for silence when the evidence is murky.

Analyst 207
AI detection layer: Must-Have Shield or Risky Hype

AI detection layer: Must-Have Shield or Risky Hype

Google’s new AI-powered Drive feature pauses desktop sync when it spots suspicious file activity to curb ransomware spread — a smart last line of defense that buys IT teams time, but experts warn it’s a helpful stopgap, not a silver bullet against determined attackers.

Analyst 207
log-to-prompt injection: Risky Gemini Flaw Exposed

log-to-prompt injection: Risky Gemini Flaw Exposed

Researchers uncovered three now-patched Gemini vulnerabilities that could let attackers use prompt- and log‑injection tricks to expose personal and corporate data — a stark reminder that AI conveniences like personalization and logging can become dangerous attack surfaces.

Analyst 207
indirect prompt injection: Stunning Risk Exposed

indirect prompt injection: Stunning Risk Exposed

A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

Analyst 207
BRICKSTORM backdoor: Stunning Dangerous Threat Exposed

BRICKSTORM backdoor: Stunning Dangerous Threat Exposed

BRICKSTORM is a stealthy backdoor tied to a Chinese‑aligned group that quietly harvests telemetry to help build and refine zero‑day exploits—what looks like a low‑impact intrusion today could be tomorrow’s weapon. Security teams should hunt, patch, and harden now before collected data is turned into lasting capability.

Analyst 207
Google Threat Intelligence: Exclusive Risky 393-Day Breach

Google Threat Intelligence: Exclusive Risky 393-Day Breach

Google says China-linked attackers have quietly lived inside many enterprise networks since March — an average of 393 days — installing persistent backdoors and exfiltrating sensitive IP. The takeaway: tighten access, boost detection, and treat long dwell times as an urgent business and security priority.

Analyst 207
Chrome zero-day: Must-Have Critical Fixes

Chrome zero-day: Must-Have Critical Fixes

From a Chrome zero-day and AI-sped exploit tooling to an npm worm and unsettling DDR5 quirks, this week’s incidents prove attackers are iterating faster than fixes—so prioritize automated patching, supply-chain hygiene, and layered defenses before the next flaw becomes a blueprint.

Analyst 207
AI agents: Must-Have Best Practices for Security

AI agents: Must-Have Best Practices for Security

You likely have forgotten service accounts, API keys, and AI agents running everywhere that quietly widen your attack surface — but with a clear inventory, short‑lived credentials, and assigned ownership you can start regaining control. Begin small: catalog a critical app, enforce least privilege, and measure detection and remediation to prove the approach scales.

Analyst 207
Chrome 0-day Emergency: Must-Fix for Risky Flaw

Chrome 0-day Emergency: Must-Fix for Risky Flaw

Google just pushed an emergency Chrome patch for a high‑severity zero‑day being actively exploited — please check your Chrome version and update now. This is the latest in a string of browser flaws that remind users and admins alike to stay vigilant and tighten protections.

Analyst 207
hardcoded secrets: Stunning Risky Mobile Crisis

hardcoded secrets: Stunning Risky Mobile Crisis

One in three Android apps — and over half of iOS apps — are leaking sensitive data through insecure APIs and hardcoded secrets, putting your personal info and company systems at risk. Luckily, with smarter developer practices, better tooling and a few simple precautions, we can close those easy doors before attackers walk through.

Analyst 207
Rowhammer vulnerability: Stunning DDR5 Security Risk

Rowhammer vulnerability: Stunning DDR5 Security Risk

Researchers from Google Project Zero and ETH Zurich have uncovered a new Rowhammer-style flaw that can bypass DDR5 protections on certain AMD + SK Hynix combos, potentially letting attackers flip or read memory beyond intended bounds. If you run affected hardware, keep an eye on vendor advisories and apply firmware or microcode updates as they become available.

Analyst 207
Law Enforcement Request System: Stunning Risky Breach

Law Enforcement Request System: Stunning Risky Breach

Google just revealed that criminals created a fraudulent account in its Law Enforcement Request System (LERS), exposing a worrying gap in the trusted channel police and courts use to obtain sensitive user data. The incident sparks a necessary push to tighten verification, protect investigations, and rebuild public confidence in the systems meant to keep us safe.

Analyst 207
phishing-as-a-service: Stunning Risky Threat

phishing-as-a-service: Stunning Risky Threat

Think a thief who never touches the lock — VoidProxy is a phishing-as-a-service that intercepts live logins, relays MFA and session tokens in real time, and lets attackers quietly hijack Microsoft and Google accounts. Learn why layered defenses, hardware-backed keys, and session risk detection are now essential to stop these fast, stealthy takeovers.

Analyst 207
Salesloft GitHub repository Massive Risky Breach

Salesloft GitHub repository Massive Risky Breach

A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

Analyst 207
GPUGate malware: Exclusive Risky Search-Ad Campaign

GPUGate malware: Exclusive Risky Search-Ad Campaign

Think twice before clicking that top search result—new GPUGate malvertising buys Google Ads and even fakes GitHub commit hashes to push trojanized installers that look legit. Protect yourself by sticking to official project pages, verifying signatures, and avoiding downloads from ad links.

Analyst 207