Russian hackers bypass Gmail MFA using stolen app passwords
Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials. The threat actor targeted well-known academics and critics of Russia in what is described as a “sophisticated and personalized novel social engineering attack” that did not rush the persons of […]
ChatGPT will analyze Gmail emails, manage schedule on Google Calendar
ChatGPT appears to be testing support for Gmail and Google Calendar integration. This will allow users to summarise emails and create events. ChatGPT already supports Gmail integration, but it’s tied to Deep Research. Right now, you can use information from Gmail in your Deep Research reports, but it’s not possible to pull up emails from Gmail […]
Hackers switch to targeting U.S. insurance companies
Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity. Typically, the threat group has a sector-by-sector focus. Previously, they targeted retail organizations in the United Kingdom and then switched to targets in the same sector in the United States. “Google […]
Google links massive cloud outage to API management issue
Google says an API management issue is behind Thursday’s massive Google Cloud outage, which disrupted or brought down its services and many other online platforms. Google says the cloud outage started around 10:49 ET and ended at 3:49 ET, after causing issues for millions of users worldwide for over three hours. Besides Google Cloud, the incident also […]
Google patched bug leaking phone numbers tied to accounts
A vulnerability allowed researchers to brute-force any Google account’s recovery phone number simply by knowing a their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. The attack method involves abusing a now-deprecated JavaScript-disabled version of the Google username recovery form, which lacked modern anti-abuse protections. The […]
Google’s upcoming Gemini Kingfall is allegedly a coding beast
Google’s AI advancement is not slowing down, and we might be getting yet another powerful model codenamed “Gemini Kingfall.” As spotted by users on X, Gemini Kingfall briefly appeared on AI Studio for approximately 20 minutes before it was taken down. While the details aren’t available, Gemini Kingfall doesn’t appear to be an update to the existing […]
Google patches new Chrome zero-day bug exploited in attacks
Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. “Google is aware that an exploit for CVE-2025-5419 exists in the wild,” the company warned in a security advisory published on Monday. This high-severity vulnerability is caused by an out-of-bounds read and write weakness in Chrome’s V8 JavaScript engine, […]
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. The change will come in Google Chrome version 139, which is scheduled for release on August 1, 2025. The tech giant cites ongoing compliance […]
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials. This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is “carefully designed to look like a legitimate login screen.” “The attack uses an email masquerading as […]
APT41 malware abuses Google Calendar for stealthy C2 communication
The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that exploits Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. The campaign was discovered by Google’s Threat Intelligence Group, which identified and dismantled attacker-controlled Google Calendar and Workspace infrastructure and introduced targeted measures to prevent such abuse in the […]