Articles tagged "Google"

Found 117 articles

A recent report from Google reveals a significant shift in the ransomware landscape, indicating that attackers are increasingly focusing on data extortion rather than traditional ransom demands. This change complicates the understanding of the full scope of cybercrime and its impact on businesses and individuals. Researchers found that this evolution allows cybercriminals to extract sensitive information from victims and threaten to release it publicly if their demands are not met. This trend raises serious concerns for organizations, as it puts their data security at risk and can lead to severe reputational damage. Companies need to be more vigilant about securing their data and preparing for potential breaches, as the consequences of data extortion can be devastating.

Read Original

In 2025, Google awarded over $17 million to 747 security researchers through its Vulnerability Reward Program (VRP) for reporting various security vulnerabilities. This initiative not only incentivizes researchers to identify and report bugs but also strengthens the overall security of Google's products and services. By paying for these reports, Google is actively encouraging contributions from the security community, which helps mitigate potential threats before they can be exploited. This program is essential for maintaining user trust and safeguarding sensitive information across the company's platforms. The financial commitment reflects the increasing importance of cybersecurity in the tech industry.

Read Original

A significant hardware vulnerability has been identified that affects approximately 25% of Android phones, particularly those in the budget category. This flaw allows attackers to potentially steal sensitive information, including cryptocurrency wallet seed phrases, in under a minute. Users of affected devices should be concerned as this could lead to serious financial losses and privacy breaches. The issue emphasizes the need for manufacturers to improve security measures in their devices and for users to be vigilant about their phone's security. It's crucial for owners of budget Android phones to check if their devices are impacted and take necessary precautions.

Read Original

Two Google Chrome extensions have been compromised after a transfer of ownership, allowing attackers to inject malicious code and steal sensitive user data. The extensions, originally developed by a user identified as 'akshayanuonline@gmail.com', are QuickLens and another unnamed extension. This incident raises significant concerns as it exposes users who have installed these extensions to potential malware and data breaches. Users of these extensions should be cautious and consider removing them to protect their information. This situation serves as a reminder of the risks associated with third-party software and the importance of monitoring the permissions and developers of browser extensions.

Read Original

Google has reported a significant increase in zero-day attacks targeting enterprise software, with nearly a quarter of these incidents aimed at security and networking appliances in 2025. This trend indicates that attackers are increasingly focusing on vulnerabilities within critical infrastructure components used by businesses. The implications are serious, as these vulnerabilities can lead to unauthorized access, data breaches, and disruptions in service. Companies that rely on these types of software need to prioritize security measures and stay updated on patches to protect their systems. As the threat landscape evolves, organizations must remain vigilant to mitigate risks associated with these attacks.

Read Original
Actively Exploited

The latest Security Affairs Malware newsletter covers several significant malware threats that have emerged recently. Notably, a group identified as Stan Ghouls is targeting users in Russia and Uzbekistan using the NetSupport Remote Access Trojan (RAT), which allows attackers to control infected systems remotely. Another concerning development is the discovery of ZeroDayRAT, a new spyware designed to infiltrate both Android and iOS devices. Additionally, researchers have uncovered a Linux botnet named SSHStalker, which utilizes old-school IRC methods to compromise new victims. These activities demonstrate the evolving tactics of cybercriminals and emphasize the need for users and organizations to remain vigilant against these persistent threats.

Read Original
Critical
287 Chrome Extensions Caught Harvesting Browsing Data from 37M Users

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A recent investigation by Q Continuum has uncovered that 287 Chrome extensions are leaking private browsing data from approximately 37.4 million users to companies like Similarweb and Alibaba. These extensions, often perceived as harmless tools, have been found to convert users' browsing histories into marketable products. The data breach raises significant privacy concerns, particularly for users who may not be aware that their online activities are being monitored and sold. This incident highlights the need for users to be vigilant about the extensions they install and the permissions they grant. As these extensions may not seem malicious at first glance, it serves as a reminder of the potential risks associated with browser add-ons.

Read Original

A newly identified hacking group, suspected to be linked to Russian intelligence, has launched attacks against various Ukrainian sectors, including defense, government, and energy. This group is using a malware called CANFAIL, which was uncovered by researchers from Google Threat Intelligence Group. The targeting of critical infrastructure and military entities raises significant concerns about national security and the ongoing conflict in the region. As these attacks could disrupt essential services and information systems, the situation highlights the need for enhanced cybersecurity measures among the affected organizations. This incident is part of a broader pattern of cyber warfare tactics being employed against Ukraine.

Read Original

The article discusses various cybersecurity topics, including vulnerabilities in software and tools used by organizations. It mentions issues related to the Chrome browser and System Center Configuration Manager (SCCM), suggesting that users should stay updated to protect against potential exploits. Additionally, it brings attention to a tool named SSHStalker, which appears to be associated with security risks. The piece emphasizes the importance of maintaining software updates and being aware of the tools in use, as attackers often target widely used applications to compromise systems. Overall, the article serves as a reminder for users and organizations to remain vigilant about their cybersecurity practices.

Read Original

A recent security audit conducted by Google and Intel has uncovered a serious vulnerability in the Trusted Execution Environment (TDX) that could allow attackers to fully compromise affected systems. This issue affects various products utilizing TDX technology, which is designed to enhance security by isolating sensitive data. The discovery of this vulnerability raises significant concerns for organizations relying on TDX for data protection, as it could lead to unauthorized access and data breaches. Companies using affected systems should prioritize investigation and remediation efforts to safeguard their environments. As of now, there is no indication of this vulnerability being actively exploited in the wild, but the potential for future attacks remains a pressing concern.

Read Original

Researchers have identified a new spyware kit called ZeroDayRAT, which is being distributed via Telegram. This toolkit is said to allow attackers to fully compromise both iOS and Android devices, functioning at a level typically associated with resources available to nation-states. The implications of this spyware are significant, as it can potentially give hackers complete access to personal data and device controls. Users of mobile devices, especially those who may be targeted for sensitive information, should be particularly cautious. The emergence of such advanced tools raises serious concerns about mobile security and privacy.

Read Original

Recent research reveals that nearly half of Chrome AI extensions are collecting user data without proper consent. Tools focused on coding, transcription, and productivity seem to be the worst offenders, raising significant privacy concerns for users. This issue could affect anyone using these extensions, as they often require extensive permissions to function. The findings suggest that many users may unknowingly expose their personal information to third parties through these seemingly helpful tools. As the use of AI technology grows, it’s crucial for users to be aware of what data they are sharing and how it might be used.

Read Original

Recent vulnerabilities in Google Looker have raised serious concerns about security, particularly regarding cross-tenant remote code execution (RCE) and data exfiltration. Attackers could exploit these flaws to gain access to environments of other Google Cloud Platform (GCP) tenants by leveraging a compromised Looker user account. This means that sensitive data from multiple organizations could potentially be at risk, making it a significant threat for businesses relying on GCP services. The findings underscore the need for users and companies to review their security practices and ensure that they are protected against unauthorized access. As vulnerabilities like these can lead to major data breaches, prompt action is essential to safeguard sensitive information.

Read Original
Actively Exploited

Bitdefender has identified a new Android malware campaign that uses Hugging Face, a platform typically associated with artificial intelligence and machine learning. This malware, classified as a Remote Access Trojan (RAT), is designed to gain unauthorized access to Android devices, potentially compromising user data and privacy. The campaign raises concerns as it exploits a legitimate platform to distribute malicious software, making it harder for users to detect the threat. Users of Android devices should be particularly cautious and ensure they download apps only from trusted sources to avoid falling victim to this malware. The implications are significant, especially for those who may unknowingly install infected applications, leading to data theft or device control by attackers.

Read Original

Google, in collaboration with other partners, has successfully disrupted IPIDEA, one of the largest residential proxy networks globally. This action involved legal measures to shut down multiple domains that facilitated the control of devices and the routing of proxy traffic. As a result, the IPIDEA website is currently inaccessible, signaling a significant blow to the operations of this network. The disruption of IPIDEA is important because residential proxy networks can be exploited for various malicious activities, including data scraping and evading detection in cyberattacks. This move highlights ongoing efforts to combat such networks that can compromise user privacy and security.

Read Original
PreviousPage 5 of 8Next