FBI disrupts massive AI-powered phishing service using a million URLs
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. The cybercrime operation used AI and distributed phishing kits for campaigns impersonating various trusted brands in texts sent through […]
Google patches new Chrome zero-day flaw exploited in the wild
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The company fixed the zero-day for users […]
Google adds Android protection against AI deepfake scam calls
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts. Called “fake call detection,” the feature is rolling out globally this month to Android 12 and later devices, starting with Pixel devices, and will be enabled by default. Once activated, it works […]
Google fixes one actively exploited Android zero-day, 124 flaws
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. Local attackers can exploit the actively abused high-severity Android Framework vulnerability (tracked as CVE-2025-48595) to gain code execution and escalate privileges on devices running Android 14 or later. “There are indications that CVE-2025-48595 may […]
Google Chrome adds session cookie theft protection for all users
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. Available in beta since April, DBSC was first announced in 2024 as a way to cryptographically bind session cookies to a specific device, preventing hackers from using such stolen cookies to bypass […]
US charges Google security engineer with Polymarket insider trading
A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. 36-year-old Michele Spagnuolo, an Italian citizen residing in Switzerland and a Google employee since 2014, appeared on Wednesday in the Southern District of New York. In parallel, the Commodity […]
Google now offers up to $1.5 million for some Android exploits
Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find. The top reward of $1.5 million is reserved for zero-click Pixel Titan M2 security chip full-chain exploits with persistence, […]
Google expands Gemini AI use to fight malicious ads on its platform
Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. In a new post, the company reports having blocked or removed 8.3 billion ads and suspended 24.9 million advertiser accounts in 2025, […]
Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. Starting this week, encrypted messages will be delivered as regular emails to Gmail recipients’ inboxes if they use the Gmail app. Recipients who don’t have the Gmail mobile app […]
Google fixes fourth Chrome zero-day exploited in attacks in 2026
Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. “Google is aware that an exploit for CVE-2026-5281 exists in the wild,” Google said in a security advisory issued on Tuesday. As detailed in the Chromium commit history, this vulnerability stems […]