All news with #google tag

FTC Probes Gmail Spam Filtering Of GOP Fundraising Emails

📧 The FTC chairman sent a letter to Google’s CEO asking why Gmail flagged Republican fundraising messages as spam while allegedly allowing similar Democratic messages through. Email-intelligence firms report that WinRed has triggered far more spamtraps than ActBlue, driven by aggressive list and delivery practices that degrade sender reputation. Blocklists and reputation signals, not political content, explain many filtering outcomes, experts say. The dispute highlights both operational deliverability risks for campaigns and potential regulatory overreach.

EU Fines Google €2.95B for Anti-Competitive Adtech

⚖️The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favoring its adtech services over competitors. The regulator ordered Google to stop anti-competitive "self-preferencing" practices and to take measures to mitigate conflicts of interest in adtech. Google said the decision is wrong and plans to appeal, warning the changes could harm thousands of European businesses. Separately, France's CNIL fined Google €325 million for placing ads in Gmail without proper consent and violating cookie rules.

Google Cloud Expands Coverage for Compute Flex CUDs

🔔 Google Cloud has expanded its Compute Flexible Committed Use Discounts (Flex CUDs) to cover additional VM families and serverless offerings, delivering broader savings and greater deployment flexibility. The update adds enhanced discounts for memory‑optimized M1–M4 instances and HPC‑optimized H3 and H4D families, and extends coverage to Cloud Run request-based billing and Cloud Functions. A new spend-based billing model applies discounts directly to eligible usage rather than issuing credits, and introduces changes to the Billing UI, Cloud Billing export to BigQuery schema, and Cloud Commerce Consumer Procurement APIs. Customers can opt in immediately; those who do not will be auto-transitioned to the new model on January 21, 2026, while new Billing Accounts created on or after July 15, 2025 will default to the updated model.

GKE Turns 10 Hackathon: Build Agentic AI Microservices

🚀 Join the GKE Turns 10 Hackathon to build next‑generation microservices enhanced with agentic AI. Google provides sample applications (Bank of Anthos or Online Boutique), example agents on GitHub, documentation, quickstarts and a webinar to help teams get started. Submissions must run on GKE and use Google AI models such as Gemini, with agents interacting via APIs rather than altering core application code. Participants may also use the Agent Development Kit (ADK), Model Context Protocol (MCP) and Agent2Agent (A2A) to extend functionality.

Agent Factory Recap: AI, Future Development, Vibe Coding

🛠️ In Episode #6 of the Agent Factory podcast, Keith Ballinger discusses how AI agents and the Gemini CLI are reshaping software development and elevating developers into orchestration and context engineering roles. He demonstrates 'vibe coding' with live demos that produced a command-line markdown viewer in under 15 minutes and highlights open-source projects Terminus and Aether as practical examples. The episode also addresses infrastructure for AI workloads, multi-cloud and edge orchestration, and the growing need for human review in regulated industries.

France Fines Google €325M for Cookie Consent Breaches

⚖ The French data protection authority CNIL has fined Google €325 million for placing advertising cookies and showing ads in Gmail's 'Promotions' and 'Social' tabs without valid user consent after investigations in 2022–2023. CNIL found Google failed to inform new account holders that accepting advertising cookies was required to access services, breaching Article L.34-5 and the French Data Protection Act (Article 82). The authority said the cookie-related practices affected over 74 million accounts (53 million individuals saw the ads), described the conduct as negligent and cited prior sanctions; it also fined Shein €150 million the same day for separate cookie violations.

High-Availability Multi-Regional Services on Cloud Run

🚀 This Cloud Next 2025 talk explains how to build fault-tolerant, multi-region services using Cloud Run, highlighting autoscaling, decoupled control/data planes, and N+1 zonal redundancy. The post previews an upcoming Service Health feature that automates cross-region failover by relying on container readiness probes and minimum-instance settings. It also outlines deployment patterns (global external ALB with Serverless NEGs) and shows a live demo of automated traffic failover.

France Fines Google €325M and Shein €150M Over Cookies

⚖️ The French data protection authority, CNIL, has fined Google €325 million ($379 million) and Shein €150 million ($175 million) for placing advertising cookies without valid consent. CNIL found users were nudged to accept personalized ad cookies during Google account creation and that information remained unclear even after an opt-out option was added in October 2023. The regulator also said targeted ads placed inside Gmail's Promotions and Social tabs required explicit consent under the CPCE. Shein has updated systems and plans to appeal; Google must comply within six months or face €100,000-per-day penalties.

DNS64 and NAT64 for Connecting IPv6-only Workloads

🌐 Google Cloud introduces DNS64 and NAT64 for Cross‑Cloud Network to allow IPv6-only workloads to access IPv4-only services without dual‑stack. DNS64 synthesizes AAAA responses by embedding IPv4 addresses into the 64:ff9b::/96 prefix, and NAT64 translates traffic by extracting those addresses and initiating IPv4 connections on behalf of IPv6 clients. The blog post includes step‑by‑step gcloud commands to create VPCs, DNS64 policies, and a NAT64 gateway.

Google ships September Android patches for 120 flaws

🔒 Google has released its September 2025 Android security updates addressing 120 vulnerabilities, including two issues that Google says have been exploited in limited, targeted attacks. The two highlighted flaws are CVE-2025-38352 (CVSS 7.4), affecting the Linux Kernel, and CVE-2025-48543, impacting the Android Runtime; both can enable local privilege escalation with no user interaction. Google issued patch levels 2025-09-01 and 2025-09-05 to let partners deploy common fixes more quickly and credited Benoît Sevens of TAG with reporting the kernel issue.

Indirect Prompt-Injection Threats to LLM Assistants

🔐 New research demonstrates practical, dangerous promptware attacks that exploit common interactions—calendar invites, emails, and shared documents—to manipulate LLM-powered assistants. The paper Invitation Is All You Need! evaluates 14 attack scenarios against Gemini-powered assistants and introduces a TARA framework to quantify risk. The authors reported 73% of identified threats as High-Critical and disclosed findings to Google, which deployed mitigations. Attacks include context and memory poisoning, tool misuse, automatic agent/app invocation, and on-device lateral movement affecting smart-home and device control.

Model Namespace Reuse: Supply-Chain RCE in Cloud AI

🔒 Unit 42 describes a widespread flaw called Model Namespace Reuse that lets attackers reclaim abandoned Hugging Face Author/ModelName namespaces and distribute malicious model code. The technique can lead to remote code execution and was demonstrated against major platforms including Google Vertex AI and Azure AI Foundry, as well as thousands of open-source projects. Recommended mitigations include version pinning, cloning models to trusted storage, and scanning repositories for reusable references.

Google Refutes Claims of Mass Gmail Password Alert

🔔 Google has disputed reports that it issued a blanket warning asking 2.5 billion Gmail users to reset passwords following a recent breach that allegedly affected some Workspace accounts. In a Monday blog post the company called those headlines false and emphasized that Gmail's protections block over 99.9% of phishing and malware. Google advised users to enable two-step verification and adopt passkeys, and it criticized the spread of unverified claims by media and security vendors.

Salesloft token theft exposes wide-ranging integrations

🔐 The mass theft of authentication tokens from Salesloft’s Drift chatbot has exposed integrations across hundreds of customers, according to Google. Attackers stole valid tokens for services including Slack, Google Workspace, Amazon S3, Microsoft Azure and OpenAI. GTIG said the campaign, tracked as UNC6395, siphoned large amounts of Salesforce data and searched the haul for credentials such as AWS keys, VPN logins and Snowflake access. Customers were urged to immediately invalidate and reauthenticate all Salesloft-connected tokens while Salesloft and incident responders investigate.

Eventarc Advanced: Unified Serverless Eventing Platform

🚀 Eventarc Advanced is now generally available as a unified, serverless eventing platform that centralizes real-time filtering, transformation, management, and delivery for complex microservices environments. It extends Eventarc Standard with a Publish API and a central message bus built on Envoy, enabling per-message access control, multi-format payload handling (Avro, JSON, Protobuf), and built-in routing and observability. The platform is designed to simplify development with a single API while giving platform operators centralized governance, monitoring, and reliable delivery across hybrid and multi-cloud topologies.

Google Cloud and Partners Commit to Apache Iceberg

🔁 Google Cloud and an ecosystem of partners — including Confluent, Databricks, dbt, Fivetran, Informatica, and Snowflake — reaffirm support for the open table format Apache Iceberg to power modern lakehouse architectures. The post highlights Google innovations such as BigLake and a REST Catalog API that unify metadata and enable interoperability across engines like BigQuery, Databricks, and Snowflake. The collaboration aims to reduce data silos, enable time travel and pruning, and accelerate AI-ready analytics.

Google Cloud Expands Confidential Computing with Intel TDX

🔒 Google Cloud has expanded its Intel TDX-based Confidential Computing portfolio, now offering Confidential GKE Nodes, Confidential Space, and Confidential GPUs alongside broader regional availability. Creating an Intel TDX Confidential VM is exposed directly in the GCE Create an instance flow under the Security tab, with no code changes required. The C3 machine series supports Intel TDX across additional regions and zones, and NVIDIA H100 GPUs on the A3 series enable confidential AI by combining Intel CPU protection with NVIDIA Confidential Computing on the GPU.

Cloudflare data: AI bot crawling surges, referrals fall

🤖 Cloudflare's mid‑2025 dataset shows AI training crawlers now account for nearly 80% of AI bot activity, driving a surge in crawling while sending far fewer human referrals. Google referrals to news sites fell sharply in March–April 2025 as AI Overviews and Gemini upgrades reduced click-throughs. OpenAI’s GPTBot and Anthropic’s ClaudeBot increased crawling share while ByteDance’s Bytespider declined. The resulting crawl-to-refer imbalance — tens of thousands of crawls per human click for some platforms — threatens publisher revenue.

Google warns Salesloft breach hit some Workspace accounts

🔒 Google warns that the Salesloft Drift compromise is larger than first reported and included theft of OAuth tokens beyond the Salesforce integration. Threat actors used stolen tokens tied to the Drift Email integration to access a very small number of Google Workspace email accounts on August 9. Google says the tokens have been revoked, the Drift–Workspace integration is disabled, and affected customers were notified. Organizations using Drift should revoke and rotate all connected authentication tokens and review integrations for exposed secrets.

Google provides ChromeOS workarounds for ClassLink/Clever

⚠️ Google is investigating authentication failures that prevent sign-ins to Clever and ClassLink on affected ChromeOS devices running build 16328.55.0 with Chrome 139.0.7258.137. The problem can disrupt Single Sign‑On and some 2‑Step Verification flows, blocking access to educational platforms. As temporary mitigations, administrators can roll back devices to ChromeOS M138 via the Google Admin console or change LoginAuthenticationBehavior to use the default GAIA authentication flow while Google validates a fix.