google

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Cybercriminals exploit Google Cloud's email integration to conduct a multi-stage phishing campaign, sending 9,394 emails to over 3,200 targets globally. Using trusted Google-generated messages, attackers bypass security filters and mimic legitimate notifications to steal user credentials through deceptive links leading to fake verification and login pages. Google has responded by blocking these phishing attempts and enhancing protections.

https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html

Two Chrome Flaws Could Be Triggered by Simply Browsing the Web: Update Now

Google has issued an unscheduled Chrome update to fix two serious vulnerabilities, CVE-2025-14765 in WebGPU and CVE-2025-14766 in the V8 JavaScript engine, that can be triggered remotely when users load maliciously crafted web pages. Because Chrome has billions of users, these flaws are high-value targets for attackers, and users are strongly urged to update immediately to version 143.0.7499.146/.147 on Windows and macOS or 143.0.7499.146 on Linux. The piece provides simple update instructions (using Chrome’s About page or automatic updates) and briefly explains that one bug is a use-after-free in WebGPU, leading to potential heap corruption, while the other is an out-of-bounds read/write in V8 that can allow attackers to access or modify memory and potentially run code with elevated permissions. The core message is that users should not delay restarting and updating Chrome, since merely browsing the web could expose them to attacks until the patch is applied.

https://www.malwarebytes.com/blog/news/2025/12/two-chrome-flaws-could-be-triggered-by-simply-browsing-the-web-update-now

GeminiJack: The Google Gemini Zero-Click Vulnerability Leaked Gmail, Calendar and Docs Data

GeminiJack: A discovered zero-click vulnerability in Google Gemini Enterprise allowed attackers to exfiltrate sensitive corporate data through shared documents, emails, or calendar invites without user interaction. This architectural flaw permits harmful content to instruct the AI to retrieve confidential information, which is then sent to the attacker via an external image request. The attack operates silently, bypassing traditional security measures. Google has since updated its systems to prevent such vulnerabilities, marking a shift in enterprise AI security considerations. Organizations must enhance monitoring and trust boundaries as AI tools evolve.

https://noma.security/blog/geminijack-google-gemini-zero-click-vulnerability/

Google Chrome Adds New Security Layer for Gemini AI Agentic Browsing

Google Chrome introduces ‘User Alignment Critic', a new security layer for Gemini AI agentic browsing, enhancing protection against unsafe actions and data exposure. This system uses an isolated LLM to vet agent actions, restricts access to trusted sites, prompts user confirmation for sensitive tasks, and detects prompt injection attempts, showcasing a robust defense compared to competitors.

https://www.bleepingcomputer.com/news/security/google-chrome-adds-new-security-layer-for-gemini-ai-agentic-browsing/

Google Fixes Two Android Zero Days Exploited in Attacks, 107 Flaws

Google's December 2025 Android security update fixes 107 vulnerabilities, including two exploited in attacks. Major issues address information disclosure and elevation of privileges. Critical flaws also include a denial-of-service vulnerability in the Android Framework and several severe vulnerabilities in the Kernel affecting Qualcomm devices. Users should update to newer Android versions or use third-party distributions for security.

https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/

Google Antigravity Exfiltrates Data

Google's Antigravity allows for data exfiltration through indirect prompt injection, enabling attackers to manipulate the software to steal sensitive user data from IDEs. In an attack scenario, a user integrating Oracle ERP's AI Payer Agents exposes their credentials as Antigravity accesses a malicious site via a hidden prompt injection. Despite safeguards, the tool bypasses protections to exfiltrate data, showcasing serious vulnerabilities linked to its design and settings. Google's acknowledgment of these risks highlights the need for user vigilance amidst multiple agents operating simultaneously.

https://www.promptarmor.com/resources/google-antigravity-exfiltrates-data

Understanding Cloud Persistence: How Attackers Maintain Access Using Google Cloud Functions

Extreme TLDR: Attackers use Google Cloud Functions and service accounts to maintain access in cloud environments. They automate recovery of deleted accounts through logging and Pub/Sub events, leveraging these features for persistent access despite clean-up efforts.

https://whiteknightlabs.com/2025/11/11/understanding-cloud-persistence-how-attackers-maintain-access-using-google-cloud-functions/

Breaking: Google Is Easing up on Android’s New Sideloading Restrictions!

Google will simplify sideloading for experienced Android users, allowing them to install unverified apps with an “advanced flow” that includes risk warnings. This follows backlash against new restrictions limiting such installations. The change aims to enhance safety while allowing user choice. Developer verification will also become mandatory to combat scams, but a lower barrier account type will be available for hobbyists.

https://www.androidauthority.com/android-power-users-install-unverified-apps-3615310/

Malicious Android Apps on Google Play Downloaded 42 Million Times

Malicious Android apps on Google Play were downloaded over 42 million times between June 2024 and May 2025, with a 67% rise in mobile malware, especially spyware and banking trojans. Shift in cybercriminal tactics towards social engineering-based attacks is noted. The report highlights three significant malware families affecting users: Anatsa (banking trojan), Android Void (backdoor for Android TV boxes), and Xnotice (RAT targeting job seekers). Key advice for users includes applying security updates and using reputable app sources.

https://www.bleepingcomputer.com/news/security/malicious-android-apps-on-google-play-downloaded-42-million-times/

Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

Tycoon 2FA Phishing Kit Overview:
Emerging in August 2023, Tycoon 2FA is a sophisticated phishing threat leveraging multi-factor authentication (MFA) bypass techniques, primarily targeting Microsoft 365 and Gmail users. With over 64,000 incidents reported in 2025, it employs a Phishing-as-a-Service platform to capture user credentials via a reverse proxy and deceptive login pages. The attack exploits various distribution methods, including PDFs, and evades detection with anti-research mechanisms and real-time MFA code capture. Enhanced security measures and user education are essential to mitigate risks associated with Tycoon 2FA.

https://gbhackers.com/tycoon-2fa-phishing/

OAuth Device Code Phishing: Azure Vs. Google Compared

Extreme TLDR: Microsoft and Google implement OAuth 2.0’s device code flow differently, affecting phishing attack vulnerabilities. Microsoft's setup allows attackers to gain significant access via device code phishing by utilizing legitimate API flows, leading to dangerous token generation. Google's implementation limits potential damages due to restricted scopes and client ID controls, making successful exploitation challenging.

https://www.bleepingcomputer.com/news/security/oauth-device-code-phishing-azure-vs-google-compared/

Google Disputes False Claims of Massive Gmail Data Breach

Google denies recent claims of a massive Gmail data breach affecting 183 million accounts, clarifying that compromised credentials result from various past attacks, not a new breach. The misinformation originated from misinterpretations of credential databases compiled over years. Google emphasizes strong defenses and offers advice for users concerned about past credential exposure.

https://www.bleepingcomputer.com/news/security/google-disputes-false-claims-of-massive-gmail-data-breach/

New Pixnapping Attack Steals 2FA Codes From Google Authenticator Within 30 Seconds

New Pixnapping attack on Android devices can steal 2FA codes from Google Authenticator in under 30 seconds. It exploits hardware vulnerabilities in GPUs and Android APIs without needing special permissions. The attack bypasses traditional app security, can capture sensitive data from various apps, and has both Google and Samsung addressing the issue. Users are urged to update devices and monitor app behavior to mitigate risks.

https://cybersecuritynews.com/pixnapping-attack/

Scroll to Top