The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of …
Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...]
Google is rolling out a change to Chromium that "de-elevates" Google Chrome so it does not run as an administrator to increase security in Windows. [...]
Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall. [...]
Google is adding a new security setting to Android to provide an extra layer of resistance against attacks that infect devices, tap calls traveling through insecure carrier networks, and deliver scams through messaging services. On Tuesday, the company unveiled the Advanced Protection mode, most of which will be rolled …
Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks. [...]
Google is implementing a new Chrome security feature that uses the built-in 'Gemini Nano' large-language model (LLM) to detect and block tech support scams while browsing the web. [...]
Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. [...]
This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within …
About a decade ago, Apple and Google started updating iOS and Android, respectively, to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for …
Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [...]
Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal. The extensions, which so far number at least 35, use the same code …
Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal. The extensions, which so far number at least 35, use the same code …
When Google announced Tuesday that end-to-end encrypted messages were coming to Gmail for business users, some people balked, noting it wasn’t true E2EE as the term is known in privacy and security circles. Others wondered precisely how it works under the hood. Here’s a description of what …
When Google announced Tuesday that end-to-end encrypted messages were coming to Gmail for business users, some people balked, noting it wasn’t true E2EE as the term is known in privacy and security circles. Others wondered precisely how it works under the hood. Here’s a description of what …
When Google announced Tuesday that end-to-end encrypted messages were coming to Gmail for business users, some people balked, noting it wasn’t true E2EE as the term is known in privacy and security circles. Others wondered precisely how it works under the hood. Here’s a description of what …
When Google announced Tuesday that end-to-end encrypted messages were coming to Gmail for business users, some people balked, noting it wasn’t true E2EE as the term is known in privacy and security circles. Others wondered precisely how it works under the hood. Here’s a description of what …
Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient. [...]
In the growing canon of AI security, the indirect prompt injection has emerged as the most powerful means for attackers to hack large language models such as OpenAI’s GPT-3 and GPT-4 or Microsoft’s Copilot. By exploiting a model's inability to distinguish between, on the one hand, developer-defined …
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian media outlets and government organizations. [...]
A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials. [...]
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. [...]
Researchers have discovered multiple Android apps, some that were available in Google Play after passing the company’s security vetting, that surreptitiously uploaded sensitive user information to spies working for the North Korean government. Samples of the malware—named KoSpy by Lookout, the security firm that discovered it—masquerade …
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. [...]
A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. [...]