Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. Starting this week, encrypted messages will be delivered as regular emails to Gmail recipients’ inboxes if they use the Gmail app. Recipients who don’t have the Gmail mobile app […]
Google fixes fourth Chrome zero-day exploited in attacks in 2026
Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. “Google is aware that an exploit for CVE-2026-5281 exists in the wild,” Google said in a security advisory issued on Tuesday. As detailed in the Chromium commit history, this vulnerability stems […]
Google Drive ransomware detection now on by default for paying users
Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. Announced in September 2025, a beta version of this feature began rolling out to Google Workspace customers worldwide in early October. Google Drive will immediately pause file syncing when it detects a […]
Google now allows you to change your @gmail.com address
Google is rolling out a new feature that allows users in the U.S. to change their @gmail address or create a new alias. This feature was first spotted in October 2025 and showed up on some Google accounts by the end of the year, but it was not available in the United States. Starting today, Google says […]
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Google has announced a new mechanism in Android called Advanced Flow, which will allow sideloading APKs from unverified developers for power users in a more secure manner. The new system, scheduled to roll out this August, aims to allow installing Android apps from unverified developers while minimizing the risk of malware infections and scams, which […]
Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. “Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild,” Google said in a security advisory published on Thursday. The first zero-day (CVE-2026-3909) stems from an out-of-bounds write weakness in Skia, an open-source 2D graphics library responsible for rendering […]
Google paid $17.1 million for vulnerability reports in 2025
Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. The company says it has awarded over $81.6 million in bug bounties since the first Vulnerability Reward Program went live in 2010, while the highest reward paid last year was of $250,000. “Our VRP once […]
Google: Cloud attacks exploit flaws more than weak credentials
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. At the same time, the use of weak credentials or misconfigurations has dropped significantly in the second half of 2025, Google notes in a report highlighting the […]
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. “There are indications that CVE-2026-21385 may be under limited, targeted exploitation,” the company said on Monday in its March 2025 Android Security Bulletin. While Google didn’t provide any further information on the attacks currently targeting […]
Chinese cyberspies breached dozens of telecom firms, govt agencies
Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. The campaign has been active since at least 2023 and has impacted 53 organizations in 42 countries, with suspected infections […]