Tag Google

Google Issues Android Security Patch to Address 3 Actively Exploited Vulnerabilities

Date: July 7, 2023

In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.

Google Addresses Critical Vulnerabilities in Latest Android Update On July 7, 2023, Google rolled out its monthly security updates for the Android operating system, patching a total of 46 newly identified vulnerabilities. Notably, three of these vulnerabilities have been confirmed as actively exploited in specific targeted attacks, raising concerns among…

Read More

Google Issues Android Security Patch to Address 3 Actively Exploited Vulnerabilities

Date: July 7, 2023

In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.

Hackers Launch Social Engineering Attack on Workday

Workday has confirmed it suffered a significant data breach stemming from a comprehensive social engineering campaign that compromised a third-party vendor’s information. This breach allowed unauthorized individuals to infiltrate systems and potentially access sensitive data. The attackers employed deceptive tactics, impersonating IT and human resources personnel, ultimately tricking employees into…

Read MoreHackers Launch Social Engineering Attack on Workday

The Allianz Life Data Breach Has Undergone a Significant Escalation

A significant data breach at Allianz Life has been exposed, with the credential notification site Have I Been Pwned reporting that approximately 1.1 million accounts have been compromised. This figure represents a substantial proportion of Allianz Life’s 1.4 million North American customers, alongside data from financial professionals and specific Allianz…

Read MoreThe Allianz Life Data Breach Has Undergone a Significant Escalation

Google Chrome’s New Feature Allows One-Click Password Updates for Breached Accounts

May 21, 2025
Data Breach / Account Security

Google has introduced an innovative feature in its Chrome browser that enables its built-in Password Manager to automatically change a user’s password when it identifies compromised credentials. According to Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura, “When Chrome detects a compromised password during sign-in, Google Password Manager prompts the user with an option to fix it automatically.” On supported websites, Chrome can create a strong new password and update the user’s credentials seamlessly. This feature enhances the Password Manager’s existing functionalities, which include generating secure passwords during account creation and flagging credentials involved in data breaches. Google has informed The Hacker News that this feature has not yet been officially released for end users, as it is primarily focused on developers to help optimize their websites in anticipation of the rollout. The automated password change aims to streamline the process and reduce friction for users concerned about their account security.

Google Chrome Introduces Automated Password Update Feature Amid Rising Data Breach Concerns May 21, 2025 Cybersecurity / Data Protection In a significant update aimed at enhancing online security, Google has unveiled a new feature for its Chrome browser that empowers the built-in Password Manager to automatically update compromised passwords. This…

Read More

Google Chrome’s New Feature Allows One-Click Password Updates for Breached Accounts

May 21, 2025
Data Breach / Account Security

Google has introduced an innovative feature in its Chrome browser that enables its built-in Password Manager to automatically change a user’s password when it identifies compromised credentials. According to Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura, “When Chrome detects a compromised password during sign-in, Google Password Manager prompts the user with an option to fix it automatically.” On supported websites, Chrome can create a strong new password and update the user’s credentials seamlessly. This feature enhances the Password Manager’s existing functionalities, which include generating secure passwords during account creation and flagging credentials involved in data breaches. Google has informed The Hacker News that this feature has not yet been officially released for end users, as it is primarily focused on developers to help optimize their websites in anticipation of the rollout. The automated password change aims to streamline the process and reduce friction for users concerned about their account security.

Google Strengthens GenAI Security with Enhanced Multi-Layered Defenses Against Prompt Injection Threats

June 23, 2025
Artificial Intelligence / AI Security

Google has announced new safety measures aimed at fortifying its generative artificial intelligence (AI) systems against emerging threats such as indirect prompt injections. These attacks, unlike direct prompt injections that involve the submission of harmful commands, embed malicious instructions within external data sources like emails, documents, or calendar invites, potentially leading AI systems to leak sensitive information or execute harmful actions. In response, Google’s GenAI security team has developed a comprehensive “layered” defense strategy that raises the difficulty, cost, and complexity associated with executing successful attacks. This multifaceted approach includes model hardening and the introduction of specialized safeguards.

Google Enhances Security Measures to Protect GenAI from Prompt Injection Threats On June 23, 2025, Google announced strategic enhancements to the security of its generative artificial intelligence (AI) systems, aimed at countering sophisticated attack vectors such as indirect prompt injection. This development comes amid rising concerns about vulnerabilities in AI…

Read More

Google Strengthens GenAI Security with Enhanced Multi-Layered Defenses Against Prompt Injection Threats

June 23, 2025
Artificial Intelligence / AI Security

Google has announced new safety measures aimed at fortifying its generative artificial intelligence (AI) systems against emerging threats such as indirect prompt injections. These attacks, unlike direct prompt injections that involve the submission of harmful commands, embed malicious instructions within external data sources like emails, documents, or calendar invites, potentially leading AI systems to leak sensitive information or execute harmful actions. In response, Google’s GenAI security team has developed a comprehensive “layered” defense strategy that raises the difficulty, cost, and complexity associated with executing successful attacks. This multifaceted approach includes model hardening and the introduction of specialized safeguards.

From Awareness to Implementation: Cultivating Enduring Cybersecurity Practices

For insights on enhancing your organization’s cybersecurity measures, consider exploring Security Awareness Programs & Computer-Based Training and Training & Security Leadership. Authored by Brandy Harris • August 15, 2025 Every October, companies reexamine their cybersecurity protocols, reiterating that “Security is everyone’s responsibility.” Despite these efforts, the prevalence of security incidents…

Read MoreFrom Awareness to Implementation: Cultivating Enduring Cybersecurity Practices

Google Unveils Vishing Operation UNC6040 Targeting Salesforce with Fake Data Loader App

June 4, 2025
Threat Intelligence / Data Breach

Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.

Google Unveils Vishing Campaign Targeting Salesforce by Threat Group UNC6040 June 4, 2025 In a recent disclosure, Google has revealed insights into a financially motivated threat group known as UNC6040, which is reportedly executing sophisticated voice phishing, or vishing, operations aimed at infiltrating Salesforce instances. These attacks focus on large-scale…

Read More

Google Unveils Vishing Operation UNC6040 Targeting Salesforce with Fake Data Loader App

June 4, 2025
Threat Intelligence / Data Breach

Google has revealed insights into a financially driven threat group called UNC6040, which specializes in voice phishing (vishing) tactics aimed at infiltrating organizations’ Salesforce accounts for extensive data theft and extortion efforts. The tech giant’s threat intelligence team has linked this group to an online cybercrime network known as The Com. According to a report shared with The Hacker News, UNC6040 has successfully breached multiple networks by having its operators impersonate IT support staff in persuasive telephone-based social engineering campaigns. This method has effectively deceived English-speaking employees into taking actions that grant the attackers access or encourage them to share sensitive information.

⚡ Weekly Update: Chrome Vulnerability, Data Wiping Attacks, Tool Misuse, and Zero-Click iPhone Exploits

June 9, 2025
Cybersecurity / Hacking News

Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.

⚡ Threat of the Week

Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…

Weekly Cybersecurity Report: Chrome Exploit, Data Destruction Tools, and Zero-Click iPhone Breaches On June 9, 2025, significant developments in cybersecurity have come to light, shedding light on the evolving landscape of digital threats. At the core of these events is the ongoing battle for system integrity and public trust. This…

Read More

⚡ Weekly Update: Chrome Vulnerability, Data Wiping Attacks, Tool Misuse, and Zero-Click iPhone Exploits

June 9, 2025
Cybersecurity / Hacking News

Every security alert unveils a deeper narrative. It could indicate a system under scrutiny or reveal a gradual erosion of trust—manifesting through delayed responses, unusual activities, or unnoticed control gaps. This week, we dive deeper to uncover what’s truly significant. Whether it stems from flawed design, concealed access, or unintentional misuse, understanding where to direct your focus is crucial. For those tasked with safeguarding systems, data, or individuals, these updates are not just important—they’re vital. These insights illuminate the mindset of attackers and identify areas where vulnerabilities remain.

⚡ Threat of the Week

Google Issues Critical Patches for Actively Exploited Chrome 0-Day
Google has rolled out updates for Chrome versions 137.0.7151.68/.69 on Windows and macOS, and 137.0.7151.68 for Linux, addressing a critical out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine known to be actively exploited. The company acknowledged the contributions of security researchers Clement Lecigne and Benoît Sevens from Google T…