A serious vulnerability, identified as CVE-2026-0073, has been discovered in the Android System component. This flaw allows attackers to execute remote code without any user interaction, posing a significant risk to devices running affected versions of Android. Users of Android devices should be particularly cautious, as this vulnerability could lead to unauthorized access and control over their devices. The potential for exploitation is high, making it crucial for users to apply the latest security updates. Android's security team has addressed this issue by releasing a patch to fix the vulnerability, and all users are encouraged to update their devices promptly to mitigate any risks.
Articles tagged "Google"
Found 117 articles
Recent research has revealed that scammers are exploiting Telegram's Mini App feature to conduct crypto scams and distribute Android malware. These operations involve impersonating reputable brands to trick users into providing personal information or investing in fraudulent schemes. The use of Telegram's platform allows these scams to reach a wide audience, putting many users at risk of financial loss and malware infections. This situation raises concerns about the security measures in place on social media platforms and highlights the need for users to be cautious when engaging with unfamiliar applications or links. Overall, this incident serves as a reminder for users to verify the legitimacy of offers and be vigilant against potential scams online.
A Vietnamese-linked phishing campaign, dubbed AccountDumpling, has been uncovered, targeting Facebook users. This operation employs Google AppSheet as a tool to send phishing emails aimed at stealing Facebook account credentials. Researchers estimate that around 30,000 accounts have been compromised, with the attackers selling the stolen information through an underground marketplace. This incident raises concerns about the effectiveness of current phishing defenses, as even reputable platforms like Google can be misused for malicious purposes. Users are advised to remain vigilant and employ strong security measures to protect their accounts.
Hackread – Cybersecurity News, Data Breaches, AI and More
Research conducted by LayerX has uncovered that 82 Chrome extensions have been collecting and selling user data, impacting at least 6.5 million users. These extensions utilized disclosed but troubling practices to gather personal information, raising significant privacy concerns. Users of these extensions may have unknowingly compromised their data, which could lead to targeted advertising or other privacy invasions. The findings emphasize the need for users to be cautious about the permissions they grant to browser extensions and to regularly review their installed extensions. This incident serves as a stark reminder of the potential risks associated with seemingly innocuous tools that can operate within web browsers.
SecurityWeek
Google has reported an increase in malicious AI prompt injection attacks, although many of these attempts are not sophisticated and pose little harm. Some of these exploits have been identified as potentially dangerous, indicating that while attackers are becoming more active, their methods remain relatively basic. The findings suggest that users and organizations interacting with AI systems should be aware of the risks associated with prompt injections. As AI technology continues to evolve, the security implications of these attacks could become more significant, making it essential for developers and users alike to stay vigilant and informed about the potential for exploitation.
Help Net Security
A recent study examining 1,000 Android apps revealed a significant disconnect between the logging practices of developers and the privacy policies drafted by legal teams. Developers often include log statements for debugging and performance tracking, but these logs may not align with what is disclosed in the apps' privacy policies. This inconsistency raises concerns about compliance with regulations like the General Data Protection Regulation (GDPR), as users may not be fully informed about the data being collected and how it's used. The findings suggest that companies need to improve communication between their development and legal teams to ensure transparency and proper user consent. This gap not only affects user trust but also increases the risk of legal repercussions for the companies involved.
A new variant of the NGate malware is targeting Android users by disguising itself within a trojanized version of HandyPay, a legitimate mobile payment app. This malware is designed to steal NFC payment data, posing a significant risk to users who rely on their smartphones for transactions. By embedding itself in a trusted application, attackers are increasing the chances that unsuspecting users will download and use the malicious version. Users of Android devices should be cautious about installing apps from unofficial sources and ensure they are using the latest security updates to protect their sensitive financial information. The implications of this malware are serious, as it could lead to unauthorized transactions and financial loss for those affected.
Vercel experienced a security breach due to a compromise of a third-party AI tool called Context.ai, which was being used by one of its employees. The breach occurred when attackers gained access to the employee's Google Workspace account, enabling them to infiltrate limited internal systems and access non-sensitive data. While the breach did not expose highly sensitive information, it raises concerns about the security of third-party tools and their impact on corporate networks. Vercel has reported this incident, and it serves as a reminder for companies to scrutinize the security measures of any external tools they integrate into their operations. Users and organizations relying on third-party applications must remain vigilant to protect their data and systems.
Google has agreed to pay $135 million in a settlement related to allegations that it collected data from Android phone users without their consent. The lawsuit claims that the company transmitted users' information over cellular connections even when they believed their data was secure. Affected users can file a claim to receive a portion of the settlement. This case raises important questions about user privacy and data handling practices, as many individuals may not be aware of how their data is being used. If you have an Android phone, it’s worth checking if you qualify to claim your share of this settlement.
Researchers have discovered that 100 Chrome extensions, published through five different accounts, are part of a coordinated campaign designed to steal user data and create backdoors. These malicious extensions utilize shared command and control (C&C) infrastructure, indicating a well-organized effort by the attackers. Users who have installed these extensions are at risk of having their data compromised, which could lead to identity theft or other forms of online fraud. This incident serves as a reminder for users to be cautious when installing browser extensions and to regularly review their installed add-ons for any suspicious activity. The findings underscore the need for enhanced scrutiny of browser extensions to protect user privacy and security.
Security researchers have identified a new Android banking trojan called Mirax, which is targeting users across Europe. This malware utilizes a method known as Malware-as-a-Service (MaaS) to infect devices, allowing cybercriminals to gain remote access and turn affected smartphones into residential proxy nodes. By doing this, attackers can route their malicious activities through the compromised devices, making it harder to trace their actions back to them. This poses a significant risk to users, as their personal data and banking information could be at risk. The emergence of Mirax highlights ongoing vulnerabilities in mobile security and the need for users to remain vigilant against such threats.
Help Net Security
Google is enhancing the security of its Pixel smartphones by focusing on the cellular baseband modem, which is responsible for mobile network communication. In the previous Pixel 9 model, the company implemented measures to mitigate memory-related vulnerabilities. With the upcoming Pixel 10, Google is taking further steps by incorporating a DNS parser built in the Rust programming language into the modem firmware. This change aims to bolster the device's defenses against potential exploitation of the modem, which can process external data. By addressing these vulnerabilities, Google is working to protect users from possible attacks that could compromise their devices through the modem interface.
In the latest update, Chrome version 147 has addressed a total of 60 vulnerabilities, including two that are classified as critical. These critical flaws are linked to the browser's WebML component and were reported by anonymous researchers. The vulnerabilities are significant enough that they come with a combined bounty of $86,000 for anyone who can exploit them. Users of Chrome should ensure they are using the updated version to protect against potential attacks. Regular updates like this are crucial as they help safeguard users from newly discovered security risks.
A recently patched vulnerability in the EngageLab SDK, a third-party software development kit used in many Android applications, has potentially exposed the private data of around 50 million users, including 30 million cryptocurrency wallet holders. The flaw allowed apps on the same device to bypass Android's security measures, enabling unauthorized access to sensitive information. This incident raises significant concerns about the security of users' cryptocurrency assets, as the compromised data could have led to theft or fraud. Developers using the EngageLab SDK are urged to update their applications to protect users from potential attacks. The vulnerability was identified and addressed, but users should remain vigilant about app permissions and security practices.
Google's threat intelligence team has identified a new extortion group known as UNC6783, which appears to be linked to the Raccoon persona. This group is specifically targeting Business Process Outsourcing (BPO) companies and helpdesk services, indicating a shift in focus towards sectors that handle sensitive customer data. The group's tactics may involve ransomware or other extortion methods, which poses significant risks to affected organizations. Companies in the BPO sector should be vigilant and enhance their security measures to protect against potential breaches and data leaks. As this threat evolves, understanding the methods and motivations behind it will be crucial for businesses in these industries.