Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. The change will come in Google Chrome version 139, which is scheduled for release on August 1, 2025. The tech giant cites ongoing compliance […]
Threat actors abuse Google Apps Script in evasive phishing attacks
Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials. This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is “carefully designed to look like a legitimate login screen.” “The attack uses an email masquerading as […]
APT41 malware abuses Google Calendar for stealthy C2 communication
The Chinese APT41 hacking group uses a new malware named ‘ToughProgress’ that exploits Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. The campaign was discovered by Google’s Threat Intelligence Group, which identified and dismantled attacker-controlled Google Calendar and Workspace infrastructure and introduced targeted measures to prevent such abuse in the […]
Google claims users find ads in AI search ‘helpful’
Google AI mode and AI Overviews now have ads, which, according to the search engine giant, are “helpful.” At the Google Marketing Live event last week, Google confirmed it has started rolling out ads to AI mode and AI Overviews in the US, which create new “opportunities for customers.” While I haven’t seen ads in AI […]
Google fixes high severity Chrome flaw with public exploit
Google has released emergency security updates to patch a high-severity vulnerability in the Chrome web browser that could lead to full account takeover following successful exploitation. While it’s unclear if this security flaw has been used in attacks, the company warned that it has a public exploit, which is how it usually hints at active […]
Google Chrome to block admin-level browser launches for better security
Google is rolling out a change to Chromium that “de-elevates” Google Chrome so it does not run as an administrator to increase security in Windows. Microsoft previously introduced a similar feature in 2019 to the Edge Browser. When users launched Edge with elevated permissions, a warning would appear, recommending that they relaunch the browser without administrative rights. Later, […]
Hackers behind UK retail attacks now targeting US companies
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. “The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Chief Analyst at […]
CISA tags recently patched Chrome bug as actively exploited
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. Solidlab security researcher Vsevolod Kokorin discovered the flaw (CVE-2025-4664) and shared technical details online on May 5th. Google released security updates to patch it on Wednesday. As Kokorin explained, the vulnerability is due to insufficient policy enforcement […]
Android 16 expands ‘Advanced Protection’ with device-level security
Google is announcing improvements for the Advanced Protection feature in Android 16 that strengthen defenses against sophisticated spyware attacks. The Android platform has been a constant target for spyware campaigns and sophisticated attacks using digital forensics platforms that often rely on zero-day vulnerabilities to infect devices with minimal or no user interaction. Google already offers the ‘Advanced Protection Program‘ […]
Google to pay $1.375 billion to settle Texas data privacy violations
Google has agreed to a $1.375 billion settlement with the state of Texas over a 2022 lawsuit that alleged it had been collecting and using biometric data of millions of Texans without properly acquiring their consent. The office of Texas Attorney General Ken Paxton announced the settlement agreement, which called it a ‘historic win’ for […]