top of page
ALL POSTS
Google's June 2026 Android Security Update Fixes 124 Vulnerabilities Including One Active Zero-Day Exploit
Key Findings Google released patches for 124 Android security vulnerabilities in June 2026, including one actively exploited flaw CVE-2025-48595 (CVSS 8.4) is a privilege escalation vulnerability in the Android Framework currently under limited, targeted exploitation The flaw affects Android 14, 15, 16, and 16 QPR2, requires no user interaction, and allows code execution through integer overflow CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on Ju
Jun 32 min read
Google Thwarted First AI-Generated Zero-Day Exploit Before Attack
Key Findings Google Threat Intelligence Group discovered a zero-day exploit developed entirely by artificial intelligence before attackers could deploy it at scale Code analysis revealed telltale AI artifacts including excessive documentation strings, highly annotated code, and a hallucinated CVSS score that don't match human developer patterns A well-known cybercrime group with a history of high-profile attacks and mass exploitation was preparing to use the exploit for finan
May 122 min read
Google AppSheet Used to Compromise 30,000 Facebook Accounts in Phishing Campaign
Key Findings Vietnamese-linked operation "AccountDumpling" compromised over 30,000 Facebook accounts using Google AppSheet infrastructure Phishing emails bypassed authentication checks by originating from legitimate Google servers (noreply@appsheet.com and appsheet.bounces.google.com) Four distinct attack clusters employed different social engineering methods including fake help centers, incentive offers, interactive PDFs, and fake job recruitment Stolen data funneled through
May 23 min read
Google Sets 2029 Deadline for Post-Quantum Cryptography to Counter Encryption Threats
Key Findings Google has set a 2029 deadline for post-quantum cryptography migration, four years ahead of NSA guidance and six years ahead of broader US government targets Quantum computers with one million noisy qubits could crack current 2,048-bit RSA encryption in less than a week, down from previous estimates requiring a billion precise parts Store-now-decrypt-later attacks pose immediate risk as hackers steal encrypted data today for future decryption once quantum compute
Mar 273 min read
Google GTIG Reveals 90 Zero-Day Flaws Exploited in 2025, Underscoring Increasing Attacks on Enterprise Targets
Key Findings Google's Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024 Nearly half of the flaws (43, or 48%) targeted enterprise technologies, marking a record share and confirming a shift toward enterprise-focused attacks Browser exploitation declined to historic lows, while operating system flaws were increasingly abused Nation-state actors mainly targeted edge devices and security appliances, while co
Mar 62 min read
Google Warns of Actively Exploited Qualcomm Zero-Day in Android
Key Findings Google disclosed that a high-severity vulnerability, CVE-2026-21385 (CVSS score: 7.8), affecting an open-source Qualcomm component used in Android devices has been actively exploited. The vulnerability is a buffer over-read in the Graphics component, described by Qualcomm as "memory corruption when adding user-supplied data without checking available buffer space" and an integer overflow. Google acknowledged "there are indications that CVE-2026-21385 may be under
Mar 32 min read
Google GTIG Disrupts China-Linked APT UNC2814, Halting Attacks on 53 Orgs in 42 Countries
Key Findings: Google Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign by UNC2814, a suspected China-linked cyber espionage group UNC2814 had breached at least 53 organizations across 42 countries, primarily targeting telecommunications and government sectors The group used a novel backdoor called GRIDTIDE that leveraged legitimate Google Sheets API functions for command-and-control GTIG took coordinated action to disrupt UNC2814's
Feb 272 min read
Google Disrupts Massive Cyberespionage Campaign Across Multiple Countries
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries Key Findings Google, in collaboration with industry partners, disrupted the infrastructure of the suspected China-nexus cyber espionage group UNC2814 UNC2814 breached at least 53 organizations across 42 countries in the Americas, Asia, and Africa The threat actor may have targeted at least 20 additional countries UNC2814 used a novel backdoor called GRIDTIDE that abuses Google Sheets API for comma
Feb 252 min read
Three Former Google Engineers Charged with Stealing Trade Secrets
Key Findings: Three Iranian-American engineers - Samaneh Ghandali, 41, her sister Soroor Ghandali, 32, and Samaneh's husband Mohammadjavad Khosravi, 40 - have been indicted for allegedly stealing trade secrets from Google and other tech firms and transferring the information to unauthorized locations, including Iran. The defendants are accused of conspiracy to commit trade secret theft, theft and attempted theft of trade secrets, and obstruction of justice. Samaneh and Soroor
Feb 202 min read
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Key Findings Google Threat Intelligence Group (GTIG) has identified a previously undocumented threat actor, possibly affiliated with Russian intelligence services, that has been targeting Ukrainian organizations with the CANFAIL malware. The threat actor has primarily targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments, but has also shown growing interest in aerospace, manufacturing with military/drone ties,
Feb 142 min read
Former Google Engineer Convicted of Stealing AI Secrets for China
Key Findings: Former Google software engineer Linwei Ding (also known as Leon Ding) was convicted by a federal jury on 7 counts of economic espionage and 7 counts of theft of trade secrets. Ding stole over 2,000 confidential documents containing Google's trade secrets related to artificial intelligence (AI) technology. The stolen information included details about Google's custom Tensor Processing Unit (TPU) chips, Graphics Processing Unit (GPU) systems, software orchestratin
Jan 302 min read
Google Cracks Down on IPIDEA's Vast Residential Proxy Network
Key Findings Google and partners disrupted IPIDEA, one of the world's largest residential proxy networks, through legal domain takedowns, intelligence sharing, and ecosystem-wide enforcement. IPIDEA's proxy infrastructure was heavily abused by cybercrime groups, espionage actors, and botnets like BADBOX 2.0, Aisuru, and Kimwolf. Over 550 tracked threat groups used IPIDEA's exit nodes in a single week, exposing users' devices and networks to compromise and abuse. Google's acti
Jan 292 min read
Google Gemini AI Exploited to Expose Private Calendar Data
Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt
Jan 192 min read
Phishing Campaign Abuses Google Cloud to Impersonate Google Emails
Key Findings Cybersecurity researchers have uncovered a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The campaign used layered redirection, trusted cloud services, user validation checks, and brand impersonation to evade detection and increase phishing success. Over a two-week period, the researchers observed nearly 9,400 phishing emails targeting approximately 3,200 customers across various indust
Jan 22 min read
CISA Adds Actively Exploited Google Chromium and Sierra Wireless Flaws to Known Exploited Vulnerabilities Catalog
Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-14174: Google Chromium Out-of-Bounds Memory Access Vulnerability CVE-2018-4063: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability Background CVE-2025-14174 is an out-of-bounds memory access flaw in the ANGLE graphics library of Google Chrome on Mac, which can be expl
Dec 13, 20251 min read
Google Addresses Ninth Chrome Zero-Day Vulnerability Under Active Exploitation
Key Findings Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google tracked the high-severity vulnerability as Chromium issue 466192044, but did not share technical details. The bug lies in the ANGLE graphics library, where buffer sizes were incorrectly calculated, leading to memory corruption, crashes, or potentially arbitrary code execution. Google also fixed two medium-severity flaws: a use-after-fr
Dec 11, 20252 min read
Android Quick Share Finally Supports AirDrop, Courtesy of Google's Rust-Hardened Security
Key Findings: Google has updated its Android Quick Share file transfer service to work natively with Apple's AirDrop on Pixel 10 devices. The cross-platform compatibility is achieved through Google's own implementation, not official collaboration with Apple. The communication channel is built using the memory-safe Rust programming language to enhance security and prevent vulnerabilities. Independent security assessment by NetSPI found the Quick Share AirDrop implementation to
Nov 21, 20252 min read
North Korea's KONNI APT Abuses Google Find Hub to Spy and Erase Data
Key Findings North Korea-linked Konni APT group posed as psychological counselors and North Korean human rights activists to distribute malware disguised as stress-relief programs via KakaoTalk messenger Attackers compromised victims' Google accounts and abused Google's "Find Hub" service to remotely reset Android devices in South Korea, erasing users' personal data This is the first known case of a state-sponsored APT group exploiting Find Hub to perform destructive remote w
Nov 12, 20252 min read
bottom of page
