Tag Google

Researcher Uncovers Vulnerability Exposing Phone Numbers Linked to Google Accounts

Jun 10, 2025
Vulnerability / API Security

Google has acted to resolve a security flaw that could allow malicious actors to brute-force recovery phone numbers associated with Google accounts, potentially compromising user privacy and security. Singaporean security researcher “brutecat” identified that the vulnerability exploited a weakness in the company’s account recovery feature. The issue involved a now-obsolete version of the Google username recovery form (“accounts.google[.]com/signin/usernamerecovery”) that lacked sufficient anti-abuse measures to limit excessive requests. This page allows users to check if a recovery email or phone number is linked to a specific display name (e.g., “John Smith”). By bypassing the CAPTCHA rate limits, attackers could rapidly test various permutations of a Google account’s phone number, leading to possible exploitation.

Security Flaw Discovered in Google Account Recovery Process Exposes User Privacy On June 10, 2025, a significant security vulnerability was identified in Google’s account recovery system, raising concerns about potential risks to user privacy and security. The flaw, discovered by Singaporean security researcher known as “brutecat,” allows for the brute-force…

Read More

Researcher Uncovers Vulnerability Exposing Phone Numbers Linked to Google Accounts

Jun 10, 2025
Vulnerability / API Security

Google has acted to resolve a security flaw that could allow malicious actors to brute-force recovery phone numbers associated with Google accounts, potentially compromising user privacy and security. Singaporean security researcher “brutecat” identified that the vulnerability exploited a weakness in the company’s account recovery feature. The issue involved a now-obsolete version of the Google username recovery form (“accounts.google[.]com/signin/usernamerecovery”) that lacked sufficient anti-abuse measures to limit excessive requests. This page allows users to check if a recovery email or phone number is linked to a specific display name (e.g., “John Smith”). By bypassing the CAPTCHA rate limits, attackers could rapidly test various permutations of a Google account’s phone number, leading to possible exploitation.

NY Man and Company Ordered to Pay $228M in Ponzi Scheme Settlement

Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime Highlights: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans Rashmi Ramesh (rashmiramesh_) • August 21, 2025 Image: Shutterstock Each week, Information Security Media Group compiles notable cybersecurity incidents in the realm of digital assets. This week includes a New York Ponzi scammer…

Read MoreNY Man and Company Ordered to Pay $228M in Ponzi Scheme Settlement

Google Issues Android Security Patch to Address 3 Actively Exploited Vulnerabilities

Date: July 7, 2023

In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.

Google Addresses Critical Vulnerabilities in Latest Android Update On July 7, 2023, Google rolled out its monthly security updates for the Android operating system, patching a total of 46 newly identified vulnerabilities. Notably, three of these vulnerabilities have been confirmed as actively exploited in specific targeted attacks, raising concerns among…

Read More

Google Issues Android Security Patch to Address 3 Actively Exploited Vulnerabilities

Date: July 7, 2023

In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.

Hackers Launch Social Engineering Attack on Workday

Workday has confirmed it suffered a significant data breach stemming from a comprehensive social engineering campaign that compromised a third-party vendor’s information. This breach allowed unauthorized individuals to infiltrate systems and potentially access sensitive data. The attackers employed deceptive tactics, impersonating IT and human resources personnel, ultimately tricking employees into…

Read MoreHackers Launch Social Engineering Attack on Workday

The Allianz Life Data Breach Has Undergone a Significant Escalation

A significant data breach at Allianz Life has been exposed, with the credential notification site Have I Been Pwned reporting that approximately 1.1 million accounts have been compromised. This figure represents a substantial proportion of Allianz Life’s 1.4 million North American customers, alongside data from financial professionals and specific Allianz…

Read MoreThe Allianz Life Data Breach Has Undergone a Significant Escalation

Google Chrome’s New Feature Allows One-Click Password Updates for Breached Accounts

May 21, 2025
Data Breach / Account Security

Google has introduced an innovative feature in its Chrome browser that enables its built-in Password Manager to automatically change a user’s password when it identifies compromised credentials. According to Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura, “When Chrome detects a compromised password during sign-in, Google Password Manager prompts the user with an option to fix it automatically.” On supported websites, Chrome can create a strong new password and update the user’s credentials seamlessly. This feature enhances the Password Manager’s existing functionalities, which include generating secure passwords during account creation and flagging credentials involved in data breaches. Google has informed The Hacker News that this feature has not yet been officially released for end users, as it is primarily focused on developers to help optimize their websites in anticipation of the rollout. The automated password change aims to streamline the process and reduce friction for users concerned about their account security.

Google Chrome Introduces Automated Password Update Feature Amid Rising Data Breach Concerns May 21, 2025 Cybersecurity / Data Protection In a significant update aimed at enhancing online security, Google has unveiled a new feature for its Chrome browser that empowers the built-in Password Manager to automatically update compromised passwords. This…

Read More

Google Chrome’s New Feature Allows One-Click Password Updates for Breached Accounts

May 21, 2025
Data Breach / Account Security

Google has introduced an innovative feature in its Chrome browser that enables its built-in Password Manager to automatically change a user’s password when it identifies compromised credentials. According to Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura, “When Chrome detects a compromised password during sign-in, Google Password Manager prompts the user with an option to fix it automatically.” On supported websites, Chrome can create a strong new password and update the user’s credentials seamlessly. This feature enhances the Password Manager’s existing functionalities, which include generating secure passwords during account creation and flagging credentials involved in data breaches. Google has informed The Hacker News that this feature has not yet been officially released for end users, as it is primarily focused on developers to help optimize their websites in anticipation of the rollout. The automated password change aims to streamline the process and reduce friction for users concerned about their account security.

Google Strengthens GenAI Security with Enhanced Multi-Layered Defenses Against Prompt Injection Threats

June 23, 2025
Artificial Intelligence / AI Security

Google has announced new safety measures aimed at fortifying its generative artificial intelligence (AI) systems against emerging threats such as indirect prompt injections. These attacks, unlike direct prompt injections that involve the submission of harmful commands, embed malicious instructions within external data sources like emails, documents, or calendar invites, potentially leading AI systems to leak sensitive information or execute harmful actions. In response, Google’s GenAI security team has developed a comprehensive “layered” defense strategy that raises the difficulty, cost, and complexity associated with executing successful attacks. This multifaceted approach includes model hardening and the introduction of specialized safeguards.

Google Enhances Security Measures to Protect GenAI from Prompt Injection Threats On June 23, 2025, Google announced strategic enhancements to the security of its generative artificial intelligence (AI) systems, aimed at countering sophisticated attack vectors such as indirect prompt injection. This development comes amid rising concerns about vulnerabilities in AI…

Read More

Google Strengthens GenAI Security with Enhanced Multi-Layered Defenses Against Prompt Injection Threats

June 23, 2025
Artificial Intelligence / AI Security

Google has announced new safety measures aimed at fortifying its generative artificial intelligence (AI) systems against emerging threats such as indirect prompt injections. These attacks, unlike direct prompt injections that involve the submission of harmful commands, embed malicious instructions within external data sources like emails, documents, or calendar invites, potentially leading AI systems to leak sensitive information or execute harmful actions. In response, Google’s GenAI security team has developed a comprehensive “layered” defense strategy that raises the difficulty, cost, and complexity associated with executing successful attacks. This multifaceted approach includes model hardening and the introduction of specialized safeguards.

From Awareness to Implementation: Cultivating Enduring Cybersecurity Practices

For insights on enhancing your organization’s cybersecurity measures, consider exploring Security Awareness Programs & Computer-Based Training and Training & Security Leadership. Authored by Brandy Harris • August 15, 2025 Every October, companies reexamine their cybersecurity protocols, reiterating that “Security is everyone’s responsibility.” Despite these efforts, the prevalence of security incidents…

Read MoreFrom Awareness to Implementation: Cultivating Enduring Cybersecurity Practices

Google Unveils Vishing Operation UNC6040 Targeting Salesforce with Fake Data Loader App

June 4, 2025
Threat Intelligence / Data Breach

Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.

Google Unveils Vishing Campaign Targeting Salesforce by Threat Group UNC6040 June 4, 2025 In a recent disclosure, Google has revealed insights into a financially motivated threat group known as UNC6040, which is reportedly executing sophisticated voice phishing, or vishing, operations aimed at infiltrating Salesforce instances. These attacks focus on large-scale…

Read More

Google Unveils Vishing Operation UNC6040 Targeting Salesforce with Fake Data Loader App

June 4, 2025
Threat Intelligence / Data Breach

Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.