Articles tagged "Google"

Found 117 articles

Mozilla has rolled out updates for Firefox to fix two serious vulnerabilities that could be exploited by attackers. The flaws, identified as CVE-2026-15718 and CVE-2026-15719, involve issues with JavaScript: WebAssembly and site isolation in the DOM: Navigation component. Mozilla has warned users that exploit code for these vulnerabilities is already available publicly, increasing the urgency for users to update. It’s crucial for Firefox users to install these updates promptly to protect against potential attacks that could compromise their security and privacy. Keeping software up to date is a key defense against such risks.

Read Original

A vulnerability linked to ClaudeBleed affects Chrome extensions, allowing them to access potentially sensitive information from users' Gmail and Calendar accounts. Despite eight patches being released, this flaw remains unaddressed, raising concerns for users who rely on these services. The issue stems from how extensions interact with the browser, which could lead to unauthorized data access. This poses a significant risk, as malicious extensions could exploit this vulnerability to harvest private data without user consent. Users of Chrome should be cautious about the extensions they install and regularly check for updates to ensure their security.

Read Original

Security researchers at Varonis have found vulnerabilities in Google Cloud's Dialogflow CX, a platform widely used for creating chatbots. These flaws could allow attackers to hijack AI agents, potentially leading to unauthorized access and misuse of chatbot functionalities. Organizations using Dialogflow CX should be particularly vigilant, as this could impact customer interactions and data security. The discovery raises concerns about the security of AI-driven applications and the need for more stringent safeguards in cloud-based platforms. Users are encouraged to review their configurations and stay updated on any fixes released by Google.

Read Original
Actively Exploited

A new version of the RedHook malware for Android has been discovered using a technique that exploits the Wireless Debugging feature, known as Wireless ADB. This allows attackers to gain shell-level access to devices without needing a physical connection to a computer. This development raises concerns because it can enable unauthorized control over affected devices, putting personal data and privacy at risk. Users of Android devices, especially those with Wireless ADB enabled, should be particularly vigilant. Researchers emphasize the need for users to disable this feature when not in use to mitigate potential risks.

Read Original

Google has released an update for Chrome, version 150, which addresses 27 vulnerabilities, including 13 use-after-free bugs. Among these, two have been classified as critical-severity flaws, which could potentially allow attackers to execute arbitrary code. This update is crucial for users of the Chrome browser, as it helps protect against these serious security risks. Users are encouraged to install the update promptly to ensure their systems remain secure. Regular updates are essential, as they often close vulnerabilities that could be exploited by cybercriminals.

Read Original

Android has introduced a new security feature designed to detect fake cell towers, which can pose significant risks to user data. This feature alerts users if their device connects to an untrusted network, helping to safeguard personal information from potential interception. However, users need to enable this feature manually to benefit from the protection it offers. The rise of fake cell towers, often employed by attackers to eavesdrop on communications, makes this an important tool for Android users. By activating this feature, users can enhance their security and reduce the likelihood of falling victim to data breaches or privacy invasions.

Read Original
Critical
Siemens SINEC OS

All CISA Advisories

Siemens has identified multiple vulnerabilities in its SINEC OS, particularly affecting the RUGGEDCOM RST2428P product. The issues stem from improper input validation, leading to potential allocation failures that could compromise system operations. Siemens has recommended users upgrade to version 4.0 or later to mitigate these risks. The vulnerabilities have been assigned CVE identifiers, indicating their recognition in the cybersecurity community. This situation is significant as it affects industrial control systems, which are critical for operational integrity and security.

+4 more
Read Original
Critical
ClickFix Scams Abuse Google, Cloudflare Checks to Deliver 7 Malware Families

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Malwarebytes has reported that attackers are using fake Google and Cloudflare verification pages as part of a scheme to distribute multiple families of malware, including StealC and NetSupport. This operation is linked to a shared infrastructure known as ClickFix. The fraudulent pages trick users into believing they are legitimate, making it easier for the malware to be delivered. This affects anyone who may inadvertently interact with these deceptive sites, potentially leading to data theft and system compromise. The incident emphasizes the need for users to be cautious about online verifications and the sites they engage with, as the risks of malware infections continue to rise.

Read Original

A new malware called Umbrij, linked to the cyber group ToddyCat, is targeting corporate Gmail accounts by exploiting the Google API. According to Kaspersky's recent report, the malware allows attackers to gain stealthy access to email communications, raising significant concerns for businesses that rely on Gmail for their operations. This tactic of compromising access through APIs highlights potential vulnerabilities in how companies manage their email systems. As email remains a primary communication tool for organizations, the implications of such breaches could be severe, resulting in sensitive information leaks and potential financial losses. Companies using Gmail should enhance their security measures to safeguard against this type of attack.

Read Original

A new malware called RustDuck is actively hijacking various devices, including home routers, IP cameras, Android boxes, and poorly secured servers. The malware operates in two stages and connects these compromised devices into a botnet designed to launch Distributed Denial of Service (DDoS) attacks, effectively taking websites and online services offline. Researchers from QiAnXin's XLab have been monitoring RustDuck since February 2026 and note that its rapid evolution is particularly concerning. This highlights the vulnerability of consumer devices and poorly secured servers, which can be easily exploited by attackers. Users and organizations need to ensure their devices are secured to prevent becoming part of such a botnet.

Read Original

In a recent ruling, the Supreme Court decided that the Fourth Amendment protects location data collected by tech companies, like Google, from unreasonable searches and seizures. This 6-3 decision reinforces individual privacy rights, particularly concerning data that can reveal a person's movements and habits. The case involved law enforcement's use of geofence warrants, which allow authorities to request location data from devices in a specific area during a particular time. The ruling is significant as it impacts how law enforcement can access personal data, potentially changing the way investigations are conducted and emphasizing the need for stronger privacy protections in the digital age. This decision could influence future cases regarding digital privacy and the extent of governmental reach into personal data.

Read Original
Actively Exploited

A significant security vulnerability in Cisco's Catalyst SD-WAN Manager has been exploited by attackers months before its public disclosure. The flaw, which was revealed in early June, was reportedly being used in attacks as early as March. This situation raises serious concerns for organizations using Cisco's SD-WAN technology, as they may have been at risk for an extended period without knowledge of the threat. Companies are urged to review their systems and apply any available patches to mitigate potential risks. The exploitation of this vulnerability highlights the importance of timely disclosures and the need for vigilance in monitoring systems for suspicious activity.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Security Affairs

Actively Exploited

A serious vulnerability in Cisco Catalyst SD-WAN, identified as CVE-2026-20245, has been exploited by hackers for months before it was publicly disclosed. This flaw, which has a CVSS score of 7.8, allows authenticated attackers to execute privileged commands on affected systems. Google-owned Mandiant reported that the exploitation occurred at least two months prior to the disclosure, raising concerns about the security of networks using this technology. Organizations using Cisco Catalyst SD-WAN should take immediate action to secure their systems, as this vulnerability poses a significant risk to network integrity. The incident serves as a reminder of the importance of timely disclosure and patch management in cybersecurity.

Read Original
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

The Hacker News

Actively Exploited

A recently discovered vulnerability in Cisco Catalyst SD-WAN has been exploited by an unknown attacker for at least two months before its public disclosure. This security flaw, identified as CVE-2026-20245, has a high severity rating of 7.8 and allows an authenticated local attacker to execute arbitrary commands with elevated privileges. This means that if an attacker gains access to a system, they could potentially take control of critical functions within the network. Companies using Cisco Catalyst SD-WAN should be aware of the risk posed by this vulnerability and take immediate action to protect their systems. The findings from Mandiant underscore the importance of timely patching and monitoring for unusual activity in network environments.

Read Original
Actively Exploited

The latest Malware newsletter from Security Affairs discusses several significant cybersecurity incidents affecting a wide range of sectors. Notably, a supply chain attack on OptinMonster has compromised 1.2 million websites, raising concerns about the security of third-party services. Additionally, a China-linked threat actor has targeted both public and private medical organizations, focusing on areas like artificial intelligence and national defense research. Another piece highlights the Rokarolla malware, which is designed to steal banking information from Android devices. These incidents underscore the ongoing risks faced by organizations and individuals alike, as attackers increasingly exploit vulnerabilities across various sectors.

Read Original
Page 1 of 8Next