< ciso
brief />
Tag Banner

All news with #google tag

584 articles

GhostApproval flaw exposes AI coding assistants' risks

🛡️ A Wiz report details "GhostApproval," a vulnerability pattern in six AI coding assistants that lets malicious repos use symlinks to escape sandboxes and trick human approvers into authorizing writes outside the workspace. Vendors including AWS, Cursor and Google patched quickly; others acknowledged or had already fixed the issue. Analysts warn this reflects a category-wide design problem where human-in-the-loop prompts can be misleading and enterprises must treat these tools as privileged software and enforce stronger controls.
read more →

AlphaEvolve now generally available on Gemini

🧭 AlphaEvolve, now GA on the Gemini Enterprise Agent Platform, is an agentic code optimization and discovery tool designed to tackle hard algorithmic problems across domains like logistics, semiconductors, genomics, and finance. It follows a four-step workflow — Define, Measure, Optimize, Apply — to move from a baseline algorithm to production-ready optimized code. Early customers report substantial gains in accuracy, performance, and efficiency across production pipelines and HPC workloads.
read more →

Phishing job interviews steal Google credentials

🔒 Security teams have uncovered a targeted phishing campaign impersonating over 30 major brands to lure candidates into fake job interviews and harvest Google account passwords. Attackers use realistic recruiter names, photos and PeopleForce-sent messages to appear legitimate, and links redirect through trusted domains to a calendar booking page that prompts a Google sign-in. The scheme leverages a browser-in-the-browser trick where a fake Google auth pop-up captures credentials, though password managers can often block autofill. The campaign has operated for months and highlights growing sophistication in recruitment scams amid workplace uncertainty.
read more →

Gemini Enterprise for Education Named a Commander

🚀 Gemini Enterprise for Education has been named a Commander in the Tambellini StarChart™: 2026 AI Agents for Administrative Efficiency—Agent Platforms, ranking first in innovation and usability. The platform unifies Gemini models, agent-building tools, enterprise search, governance controls, and Google Cloud infrastructure to help institutions automate administrative workflows, support students, and enable research. Customers such as UC Riverside and Purdue report measurable operational and educational benefits from the integrated, governed agentic solution.
read more →

Google announces 33 AI-native cybersecurity startups

🛡️ Google for Startups has selected 33 cybersecurity startups for the Gemini Startup Forum: Cybersecurity, pairing each company with experts from Google DeepMind, Google Cloud, and Wiz. The cohort addresses six focus areas including autonomous agent protection, post-quantum cryptography, and data-in-use protection. Startups span agent security, cloud posture, DLP, cryptography, and AI-native SOC tooling. The forum offers APIs, tools, training, and technical resources to accelerate AI-native security innovations.
read more →

Critical Dialogflow CX 'Rogue Agent' code execution flaw

🛡️ A critical flaw in Google Dialogflow CX's Code Blocks could let an attacker with edit rights on one agent compromise other Code Block-enabled agents in the same Google Cloud project. Varonis named the issue Rogue Agent; it required the dialogflow.playbooks.update permission and thus implied a malicious insider or compromised developer account rather than an unauthenticated internet attacker. Google fixed the vulnerability after Varonis disclosed it via the VRP; there are no signs of exploitation.
read more →

Google sues scammers leveraging Gemini AI

🛡️ Google has filed suit against a group called Outsider Enterprise, accused of running phishing-as-a-service via Telegram using Gemini to create convincing fake sites. The operation reportedly offered nearly 300 scam templates impersonating Google, YouTube, and agencies like New York’s E‑ZPass. Google coordinated with carriers and used on‑device protections in Google Messages to block many malicious texts. The company hopes legal action and technical defenses will curb the campaign.
read more →

Phishing job interview scam targets Google accounts

📧 A phishing campaign impersonates over 30 major brands to lure marketing professionals with fake job interview invites and steal Google credentials. The attackers abuse legitimate platforms like PeopleForce and an ExactTarget/Salesforce Marketing Cloud-linked domain, chaining redirects through services such as Wise Agent to reach malicious landing pages. The campaign uses real recruiter names and browser-in-the-browser popups to harvest sign-in data.
read more →

FBI and Google Disrupt Major NetNut Proxy Network

🛡️ In a coordinated international action, the FBI and Google's Threat Intelligence Group disrupted NetNut, a large commercial residential proxy network built on the Popa botnet. The operation targeted infrastructure, seized domains and worked with partners like Lumen and the IRS to degrade the service. Google disabled accounts, updated Play Protect and removed compromised apps to reduce the pool of infected devices by millions. The takedown exposed ties between the botnet and reseller programs and prompted debate after some NetNut domains remained temporarily active.
read more →

Google Disrupts NetNut Residential Proxy Network

🛡️ Google says its Threat Intelligence Group, working with FBI and industry partners, has degraded NetNut (aka Popa), a large residential proxy network that turns home devices into rented relays. GTIG estimates NetNut controlled at least 2 million devices, including smart TVs and streaming boxes, which can be used to route criminals' traffic through private home connections. NetNut is linked to publicly traded Alarum Technologies, which denies wrongdoing and says its software provides consented bandwidth sharing. Researchers found many apps did not show consent prompts, and Google warns the network is resilient through reseller arrangements and may reappear under different brands.
read more →

CJEU upholds €4.1B antitrust fine against Google

📢 The Court of Justice of the European Union has dismissed Google's final appeal against a €4.1 billion antitrust fine related to Android. The ruling affirms that Google used pre-installation, anti-fragmentation agreements, and certain revenue-sharing deals to strengthen its dominant position and restrict competition. Google contests the decision, noting changes to its practices since 2018 and arguing that market realities have shifted.
read more →

Google Disrupts Major Residential Proxy Network

🛡️ Today Google, working with the FBI, Lumen, and other partners, disrupted the NetNut (Popa) residential proxy network, building on earlier action against IPIDEA. Google disabled accounts used for NetNut C2, shared technical intelligence on SDKs and backend infrastructure, and ensured Play Protect warned users and disabled apps with NetNut SDKs. The disruption reduced NetNut’s available device pool by millions, though Google expects proxy operators to adapt and resell capacity.
read more →

Google’s June 2026 AI product and research updates

🧭 In June 2026 Google highlighted a broad set of AI advances spanning local models like Gemma 4 12B, Gemini 3.5 Flash integrations, new Android 17 and Pixel Drop features, and multimodal APIs for developers. The update covers consumer devices, developer tools, education and climate applications, as well as efforts to counter AI-enabled scams and support public services.
read more →

Context-Aware Polymorphic Schema Validation

🛠️ This post outlines an architecture using Google's ADK and Gemini Flash to replace static prompt-driven agents with a just-in-time, metadata-driven orchestration. It externalizes JSON schema descriptors to a Central Metadata Registry and employs a lightweight discovery prompt plus dynamic validation hooks (Cloud Run) to ensure deterministic, schema-compliant payloads. The pattern reduces context bloat, lowers token costs, and prevents attention diffusion in multi-agent workflows.
read more →

BigQuery Conversational Analytics Now Generally Available

🧭 Conversational Analytics in BigQuery is now generally available, enabling business and technical users to query data, run multi-step analyses, and produce visual reports using natural language directly where data resides. Built on Google’s Gemini models and BigQuery’s governed foundation, it offers inspectable answers, context citations, proactive disambiguation, and long-term memory. The feature integrates with Lakehouse sources, supports enterprise security and governance controls, and provides agentic workflows for scheduled monitoring and automated reports.
read more →

AirDrop and Quick Share weaknesses disrupt sharing

🔒 Two researchers disclosed six vulnerabilities in AirDrop and Quick Share that let a nearby attacker crash or manipulate file‑sharing sessions. The issues impact Apple and Samsung implementations and include a stack overflow in Apple's XML plist parser and a Windows memory bug in Google's Quick Share app. Apple, Google, and Samsung have begun issuing fixes and coordinating disclosures; users should update and restrict visibility settings.
read more →

Turner Industries’ secure cloud-first infrastructure

🔒 Turner Industries migrated to ChromeOS, Google Workspace, Chrome Enterprise Premium, and Cameyo to reduce costs and improve security. The shift extended device lifecycles, cut per-device costs by 40–50%, and saved an estimated $700,000 on new hardware plus $600,000 by converting existing devices with ChromeOS Flex. Faster deployments and simplified management freed IT to focus on strategic work while maintaining strong endpoint protection and legacy app access.
read more →

AI Liability and the Publisher–Carrier Distinction

📰 The German court found Google liable for AI-generated search summaries, rejecting defenses that users should verify AI output themselves. This ruling highlights the historical distinction between carriers and publishers and argues that AI summaries act like editorial content. Past cases, like Air Canada’s chatbot ruling, reinforce that organizations are responsible for their AI agents. The decision could force companies to improve AI accuracy or curtail certain commercial uses.
read more →

High‑Install Chrome Extension Enables Remote Script Injection

🛡️ An analysis of a widely installed Google Chrome extension, Adblock for YouTube (10M+ installs), revealed it can execute arbitrary JavaScript across websites. Researchers found a dormant, server‑controlled injection capability that could create elements without an extension update or store review. Although no evidence of active abuse was reported, the combination of all‑site access, prior ad‑injection SDKs, and related removed extensions raises significant privacy and security concerns.
read more →

Google expands privacy controls for Search and Play

🔒 Google announced new privacy controls that separate saved history and personalization for Search services and Google Play, rolling out in users' Google Accounts in the coming days. The update creates distinct Search Services History and Personalized Recommendations settings, and similarly splits Play History and Personalization in Play. If Web & App Activity is on, the new Search Services History and its Save Media subsetting will be enabled after transition, but users can disable or delete saved media later.
read more →