Articles tagged "Google"

Found 117 articles

Researchers at Google DeepMind have identified six types of web-based attacks that can target autonomous AI agents. These attacks exploit malicious web content to manipulate AI behavior, potentially leading to harmful consequences. The study emphasizes how AI agents, which increasingly navigate the internet autonomously, can be misled by deceptive information, resulting in unexpected actions. This research highlights the need for stronger security measures to protect AI systems from manipulation. As AI continues to be integrated into various applications, understanding these vulnerabilities is crucial for developers and organizations relying on AI technology.

Read Original

Kaspersky has reported that SparkCat malware has resurfaced on app stores, specifically targeting cryptocurrency users in Asia. This malware has been found in applications available for both iOS and Android devices. Users downloading these apps may unknowingly expose their sensitive information, such as cryptocurrency wallet details, to attackers. This resurgence is particularly concerning given the increasing popularity of cryptocurrency among users, making them prime targets for cybercriminals. As the malware spreads, it underlines the need for users to be vigilant about the apps they download and the permissions they grant.

Read Original
Critical
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Recent research from Varonis Threat Labs has identified a new cybersecurity threat called Storm infostealer, which operates as a subscription service. This malicious software is designed to bypass the encryption used by Google Chrome, putting users' sensitive information at risk. It primarily targets web browsers, cryptocurrency wallets, and various online accounts. This is concerning because it can lead to identity theft and financial loss for affected individuals. As this service gains traction, it raises alarms about the potential for widespread exploitation of personal data.

Read Original

The latest ThreatsDay Bulletin highlights a range of pressing cybersecurity threats impacting various systems. Researchers are reporting on the alarming trend of chaining together minor vulnerabilities to create significant backdoors, which could allow attackers to gain unauthorized access. Additionally, there are ongoing concerns about Android rootkits and methods for evading AWS CloudTrail logging, raising red flags for cloud security. These developments underscore the need for organizations to stay vigilant and proactive in patching software and monitoring their systems for unusual activity. With cyber threats evolving quickly, it’s crucial for companies to keep their defenses updated and educate their teams on the latest risks.

Read Original

Google has released a series of updates to address 21 vulnerabilities in its Chrome browser, including a significant zero-day flaw identified as CVE-2026-5281. This vulnerability affects the Dawn component of Chrome and has been exploited in the wild, which means attackers are actively taking advantage of it. Users of Chrome are urged to update their browsers to the latest version to protect themselves against potential exploits. Keeping browsers up to date is crucial as these vulnerabilities can allow unauthorized access or manipulation of user data. The timely patching of such vulnerabilities emphasizes the ongoing need for vigilance in maintaining cybersecurity.

Read Original

Google has addressed 21 vulnerabilities in its Chrome browser, including a serious zero-day flaw identified as CVE-2026-5281. This vulnerability is categorized as a use-after-free (UAF) issue in Dawn, which is part of the WebGPU standard utilized by Chromium and its derivatives. While specific details about the exploitation of this flaw are scarce, the fact that it has been flagged as 'in-the-wild' suggests that attackers are actively using it. Users of Chrome and other Chromium-based browsers should ensure they are running the latest versions to protect themselves from potential attacks. Keeping browsers updated is crucial because such vulnerabilities can lead to unauthorized access or other malicious activities.

Read Original

Google has rolled out new location privacy features in the Android 17 Beta 3, allowing users better control over their precise location data. A key addition is the location button, which enables one-time access to location information for tasks like finding nearby places or tagging content, without the need for continuous tracking. This update aims to minimize data collection practices and enhance user privacy while providing developers with the tools necessary to design safer applications. This change is particularly relevant as location data can often be sensitive, and users are increasingly concerned about how their information is used. By implementing these features, Google is responding to user demands for greater transparency and control over personal data.

Read Original
Actively Exploited

The latest Malware newsletter from Security Affairs reports on several significant cybersecurity threats. One notable incident involves new malware specifically targeting users of Cobra DocGuard software, potentially compromising sensitive data. Additionally, Iranian cyber actors have been using Telegram as a command and control channel to distribute malware to predetermined targets, raising concerns about state-sponsored cyber activities. The newsletter also discusses the Trivy supply chain attack, which has now expanded to include compromised Docker images, putting many containerized applications at risk. Lastly, a new malware called VoidStealer has been identified, which manipulates Chrome debugging tools to extract user information. These developments highlight ongoing vulnerabilities in software and the tactics employed by cybercriminals and state actors alike.

Read Original
Actively Exploited

Recent reports indicate that cybercriminals are increasingly using cloud phones, which are virtualized Android devices hosted on remote servers, to carry out financial fraud schemes. These devices provide attackers with anonymity and the capability to manipulate phone numbers, making it easier for them to bypass traditional security measures. As a result, victims can include individuals and businesses alike, potentially leading to significant financial losses. Security experts warn that the rise of these technologies poses a growing risk to online transactions and personal data. Companies and users need to be vigilant and adopt more stringent security practices to mitigate these threats.

Read Original

Google has accelerated its timeline for implementing post-quantum encryption, moving the target date from 2035 to 2029. This decision reflects the company's growing concern over the potential risks posed by quantum computing to their systems and data security. As quantum technology advances, traditional encryption methods may become vulnerable, prompting tech companies like Google to prioritize stronger security measures. By adopting post-quantum encryption sooner, Google aims to better protect its infrastructure and user data against future threats. This shift is significant not just for Google, but for other tech firms that rely on similar encryption methods.

Read Original
Actively Exploited

Researchers at Expel have raised concerns about malicious Chrome extensions that are targeting users' conversations with AI tools. These extensions, often disguised as useful add-ons, can secretly collect and transmit sensitive information, including chat history and personal data. Users who install these extensions unknowingly expose their private interactions to potential attackers. This incident is particularly concerning as AI technology becomes more integrated into daily tasks, increasing the risk of data breaches. Users are advised to be cautious about the extensions they install and to regularly review their browser settings for any unauthorized additions.

Read Original
Actively Exploited

VoidStealer is a new type of information-stealing malware that has been discovered to exploit a flaw in Chrome's Application-Bound Encryption (ABE). This malware uses a clever method to bypass security measures and access the master key needed to decrypt sensitive data stored in the Chrome browser. As a result, users' personal information, including passwords and credit card details, could be at risk. This development is concerning for anyone using Chrome, as it highlights vulnerabilities that attackers can exploit to gain unauthorized access to private data. Users should remain vigilant and consider enhancing their security measures to protect against such threats.

Read Original

Google has decided to reverse its plan to require Android developers to link their apps to verified developer accounts, a move that had sparked significant backlash from users. The original requirement, which was set to take effect in September 2026, involved a $25 fee and the submission of personal identification for verification. Many users expressed concerns over privacy and accessibility, arguing that the new rule could limit the diversity of apps available on the platform. By stepping back from this policy, Google aims to maintain a more open app ecosystem while addressing user concerns about potential barriers to entry for developers. This decision reflects the ongoing tension between security measures and user freedom in the app development landscape.

Read Original
Actively Exploited

A malicious Chrome extension called ShieldGuard was discovered to be a crypto scam masquerading as a security tool. This extension primarily targeted users looking to protect their cryptocurrency wallets but instead siphoned off sensitive wallet information and drained user data. Researchers found that once installed, the extension would exploit its permissions to access and transfer funds from users' crypto wallets. This incident affects anyone who installed the ShieldGuard extension, highlighting the ongoing risks of using unverified browser extensions in the cryptocurrency space. Users are urged to be cautious and only download extensions from reputable sources to safeguard their assets.

Read Original
Actively Exploited

Researchers have discovered a serious vulnerability in Android that allows attackers to hijack mobile payment applications using a technique called LSPosed-based runtime manipulation. This attack can bypass security measures such as SIM binding, which is intended to protect users' financial transactions. As a result, anyone using affected payment apps could be at risk of fraud and unauthorized transactions. This incident highlights the ongoing challenges in mobile security, especially for users who rely on their devices for financial activities. Users should be cautious and consider reviewing their app security settings until further protections are implemented.

Read Original
PreviousPage 4 of 8Next