ALL POSTS

Key Findings Google Threat Intelligence Group (GTIG) has identified a previously undocumented threat actor, possibly affiliated with Russian intelligence services, that has been targeting Ukrainian organizations with the CANFAIL malware. The threat actor has primarily targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments, but has also shown growing interest in aerospace, manufacturing with military/drone ties,

Key Findings: Former Google software engineer Linwei Ding (also known as Leon Ding) was convicted by a federal jury on 7 counts of economic espionage and 7 counts of theft of trade secrets. Ding stole over 2,000 confidential documents containing Google's trade secrets related to artificial intelligence (AI) technology. The stolen information included details about Google's custom Tensor Processing Unit (TPU) chips, Graphics Processing Unit (GPU) systems, software orchestratin

Key Findings Google and partners disrupted IPIDEA, one of the world's largest residential proxy networks, through legal domain takedowns, intelligence sharing, and ecosystem-wide enforcement. IPIDEA's proxy infrastructure was heavily abused by cybercrime groups, espionage actors, and botnets like BADBOX 2.0, Aisuru, and Kimwolf. Over 550 tracked threat groups used IPIDEA's exit nodes in a single week, exposing users' devices and networks to compromise and abuse. Google's acti

Key Findings: Cybersecurity researchers at Miggo Security have disclosed a security vulnerability in Google Gemini that allows unauthorized access to users' private calendar data. The vulnerability, dubbed "Indirect Prompt Injection," enables threat actors to craft malicious calendar invites that can bypass Google Calendar's privacy controls. When a user asks Gemini a seemingly innocent question about their schedule, the AI chatbot is tricked into parsing the malicious prompt

Key Findings Cybersecurity researchers have uncovered a phishing campaign that abuses Google Cloud Application Integration to send emails impersonating legitimate Google messages. The campaign used layered redirection, trusted cloud services, user validation checks, and brand impersonation to evade detection and increase phishing success. Over a two-week period, the researchers observed nearly 9,400 phishing emails targeting approximately 3,200 customers across various indust

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-14174: Google Chromium Out-of-Bounds Memory Access Vulnerability CVE-2018-4063: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability Background CVE-2025-14174 is an out-of-bounds memory access flaw in the ANGLE graphics library of Google Chrome on Mac, which can be expl

Key Findings Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google tracked the high-severity vulnerability as Chromium issue 466192044, but did not share technical details. The bug lies in the ANGLE graphics library, where buffer sizes were incorrectly calculated, leading to memory corruption, crashes, or potentially arbitrary code execution. Google also fixed two medium-severity flaws: a use-after-fr

Key Findings: Google has updated its Android Quick Share file transfer service to work natively with Apple's AirDrop on Pixel 10 devices. The cross-platform compatibility is achieved through Google's own implementation, not official collaboration with Apple. The communication channel is built using the memory-safe Rust programming language to enhance security and prevent vulnerabilities. Independent security assessment by NetSPI found the Quick Share AirDrop implementation to

Key Findings North Korea-linked Konni APT group posed as psychological counselors and North Korean human rights activists to distribute malware disguised as stress-relief programs via KakaoTalk messenger Attackers compromised victims' Google accounts and abused Google's "Find Hub" service to remotely reset Android devices in South Korea, erasing users' personal data This is the first known case of a state-sponsored APT group exploiting Find Hub to perform destructive remote w