< ciso
brief />
Tag Banner

All news with #google tag

584 articles · page 16 of 30

Google Chrome adds option to remove on-device AI models

🔒 Google Chrome now allows users to delete the local AI models that power the Enhanced Protection feature, which received AI upgrades last year. The device-hosted model performs real-time scans of sites, downloads, and extensions to flag potentially dangerous content. Researcher Leopeva64 spotted a new control in Chrome Canary; to remove the model, go to Settings > System and turn off "On-device GenAI." Google will roll the option to stable channels soon.
read more →

Google Vertex AI permissions raise insider threat risks

⚠️ XM Cyber disclosed privilege-escalation flaws in Google’s Vertex AI that let low‑privileged users manipulate Google-managed Service Agents to gain elevated project-wide permissions. Google told XM Cyber this behavior is "working as intended." Security experts warn that managed service identities and insecure defaults create invisible, structural risks. CISOs are urged to audit service identities, reduce authentication scope, and monitor agent activity like privileged users.
read more →

Google rolls out ability to change @gmail.com address

✉️ Google has begun rolling out an option that lets users change their primary @gmail.com address to a new @gmail.com address. When changed, the previous address becomes an alias and continues to receive mail; account data (photos, messages, and existing emails) is preserved and accessible. You can sign in with either the old or new address, revert to the prior address at any time, and Google limits creation of additional new addresses for the same account over a 12‑month period; the new address cannot be deleted.
read more →

BigQuery: Managed SQL-native Inference for Open Models

🚀 BigQuery now supports managed third‑party generative AI inference (Preview) for open models from Hugging Face and Vertex AI Model Garden, enabling SQL-native deployment and inference. With a single CREATE MODEL statement you can provision and configure compute, control lifecycle with endpoint_idle_ttl and ALTER MODEL, and run inference via AI.GENERATE_TEXT or AI.GENERATE_EMBEDDING. BigQuery automates resource cleanup and integrates cost controls to reduce operational overhead.
read more →

WhisperPair Flaw Lets Attackers Hijack Bluetooth Audio

🔒 Security researchers at KU Leuven disclosed a critical flaw dubbed WhisperPair (CVE-2025-36911) in the Fast Pair protocol that lets attackers forcibly pair with and control Bluetooth audio accessories. The issue stems from devices failing to enforce the Fast Pair requirement to ignore pairing requests when not in pairing mode, enabling silent hijacking and eavesdropping. Hundreds of millions of headphones, earbuds, and speakers from vendors including Google, Jabra, Sony, OnePlus, Xiaomi, and others are affected, and patches are being coordinated with manufacturers.
read more →

Critical Fast Pair Flaw Lets Attackers Hijack Headsets

🔒 Researchers disclosed a critical vulnerability in Google's Fast Pair protocol, tracked as CVE-2025-36911 and dubbed WhisperPair. The flaw stems from many accessories failing to ignore pairing requests when not in pairing mode, enabling attackers to pair without user consent. Exploits can hijack audio devices, enable eavesdropping and location tracking, and affect hundreds of millions of headsets from vendors including Google, Sony, Jabra, JBL, OnePlus. Only manufacturer firmware updates mitigate the risk; disabling Fast Pair on phones does not protect accessories.
read more →

Microsoft Tops Brands Imitated in Q4 2025 Phishing

🔒 In Q4 2025, Check Point Research found Microsoft to be the most impersonated brand in phishing campaigns, responsible for 22% of branded phishing attempts. Google followed with 13%, while Amazon rose to 9%, driven by Black Friday and holiday sales, displacing Apple. After a lengthy absence, Facebook (Meta) reappeared in the top ten at fifth, underscoring renewed interest in social media account takeover. The pattern reflects a multi-quarter trend of attackers abusing trusted enterprise and consumer brands to harvest credentials and gain initial access.
read more →

Google to Add Gemini Agentic Features to Chrome Android

🤖 Google is testing integration of Gemini into Chrome for Android, with Chromium source references indicating an agentic feature codenamed Glic. A Google engineer noted the browser binary increases because of the added support code, suggesting significant new functionality. The integration may provide contextual, agent-like actions such as page summaries and follow-up queries, similar to mobile copilots. No release timetable has been announced.
read more →

Google's Personal Intelligence Links Data to Gemini

🔐 Google is rolling out a new Personal Intelligence capability in Gemini that can access information from Gmail, Google Photos, Search, YouTube and other Google products to generate more personalized responses. The feature is opt-in, off by default, and users can choose which apps to connect, disconnect them, or turn the feature off at any time. Google illustrates uses such as pulling tire specifications from photos and emails or extracting a license plate from an image to confirm vehicle details. The functionality is launching as a U.S. beta for eligible subscribers, and Google warns that the model can still produce inaccuracies or over-personalization, inviting users to provide feedback.
read more →

Palo Alto Networks Automates DORs with Agentic AI Design

🤖 Palo Alto Networks automated creation of its internal Document of Record (DOR) using an agent built with Google's open-source Agent Development Kit (ADK) and hosted on Vertex AI Agent Engine. The agent leverages Vertex AI RAG Engine, Vertex AI Discovery Search, Gemini models, and Cloud Storage to retrieve and synthesize grounded answers to a standardized set of 140+ questions. A FastAPI webserver on GKE orchestrates parallel processing, manages state, and publishes completed DORs back to Salesforce via Cloud Pub/Sub, reducing manual effort and improving consistency.
read more →

Comments to SQL in BigQuery: Natural-Language Querying

🔎 Comments to SQL in BigQuery introduces an AI-driven way to write queries by placing natural-language expressions inside SQL comments. The system analyzes surrounding SQL context and translates plain English prompts into executable BigQuery SQL across SELECT, FROM, WHERE, GROUP BY and other clauses. It supports iterative refinement and aims to help both non-SQL users and experienced analysts move faster.
read more →

Google Confirms Android Bug Affecting Volume Keys on Devices

🔊 Google acknowledged a software bug that causes volume buttons to control the device's Accessibility volume instead of the Media volume when the Select to Speak accessibility service is enabled. The issue also prevents using volume keys as a shutter shortcut in the Camera app. Google has not specified which Android versions or how many users are affected, nor provided an ETA for a permanent fix. A temporary workaround is to disable Select to Speak via Settings → Accessibility.
read more →

Survey: Nearly 90% of Federal Agencies Using AI Now

🔍 Google Public Sector commissioned a Government Executive survey of 250 federal IT leaders, finding nearly 90% of agencies are planning to or already using AI. Respondents cited common use cases such as document and data processing, workflow and process automation, and decision support systems. Security and adversarial risk were identified as the top adoption barrier, with reliability and workforce disruption also noted. Google highlights Gemini for Government, GSA OneGov pricing, and expanded training programs as measures to address cost, legacy, and skills constraints.
read more →

CISOs Name Top 10 Vendors for AI-Enabled Security in 2025

🔒 The CSO 2025 Security Priorities Study asked more than 640 senior security executives to rank leaders in AI-enabled security, and established, name-brand vendors dominated the results. CISOs prioritized product innovation but heavily weighed reputation, breach history, business value, cost, time to integrate, and peer adoption. The top-ranked providers included Cisco, Microsoft, and Google, while MSSPs and cloud-native service providers also gained visibility as teams seek managed incident response.
read more →

Apple to Power Siri with Google Gemini; Privacy Emphasized

🟢 Apple and Google confirmed a multi-year collaboration that will bring Google's Gemini models and Google Cloud hosting to future versions of Siri and Apple Foundation Models. The move aims to address performance gaps after Apple’s in-house Siri models lagged behind rivals. Apple says Apple Intelligence will run on-device and on its Private Cloud Compute while foundation models are hosted on Google Cloud, and that user privacy remains a priority.
read more →

Hackers Scan Misconfigured Proxies to Reach Paid LLMs

🔍 Threat actors have been probing misconfigured proxy servers to access paid large language model (LLM) endpoints, generating over 80,000 sessions since late December, according to GreyNoise. Attackers used low-noise queries to fingerprint models without triggering alerts and targeted vendors such as OpenAI, Anthropic, Google, Meta, Mistral and others. While GreyNoise reports no observed exploitation or data theft, the scale of enumeration indicates reconnaissance with possible malicious intent. Recommended mitigations include restricting Ollama model pulls to trusted registries, applying egress filtering, blocking known OAST callback domains at DNS, rate-limiting suspicious ASNs, and monitoring JA4 fingerprints.
read more →

Gmail AI Inbox Powered by Gemini; Google Won't Train

📝 Google is introducing an AI Inbox in Gmail that uses Gemini to surface prioritized briefings and summarize conversation threads with new AI Overviews. The feature appears above the traditional Inbox as a personalized briefing that highlights to-dos and VIP contacts inferred from email signals. AI Overviews are rolling out to all users at no cost, while AI Inbox is available to Google AI Pro and Ultra subscribers in the United States. Google says users can opt out and reiterated it will not train its AI models on user emails.
read more →

BigQuery MCP Server: Build Data AI Agents Faster, Securely

🚀 The preview release of a fully managed, remote MCP server for BigQuery (Jan 2026) lets developers connect LLM-powered agents directly to analytics data via a standard HTTP endpoint without managing infrastructure. The blog demonstrates step‑by‑step integration with the Agent Development Kit (ADK) and the Gemini CLI, including OAuth client creation and Gemini API key setup, and loading a sample cymbal_pets dataset. It highlights compatibility with popular frameworks (ADK, LangGraph, Claude code, Cursor IDE) and reminds readers to follow AI security and production best practices.
read more →

Gemini CLI: Preconfigured Google Cloud Monitoring Dashboards

🔍 Google Cloud has enhanced Gemini CLI telemetry with pre-configured Google Cloud Monitoring dashboards that provide immediate visibility into adoption, usage patterns, and performance. By exporting data via OpenTelemetry, teams can use out-of-the-box visualizations or analyze raw logs and metrics to build custom views. Setup is simplified through direct GCP exporters and a three-step flow—project ID, authentication and IAM roles, and updating .gemini/settings.json—so telemetry can be live quickly.
read more →

Google Seeks Engineers to Improve AI Answers Quality

🔎 Google has posted a job for AI Answers Quality engineers to verify and improve the accuracy of its AI Overviews, an implicit admission that AI-driven answers on Search can hallucinate and produce contradictory responses. The role aims to validate AI-generated content, improve citation fidelity, and enhance answer quality across the Search results page and AI Mode. The listing arrives as Google increasingly routes users into AI-driven experiences, including updated Discover feed summaries and AI-rewritten headlines. Reported issues range from fabricated company valuations to misleading health advice, highlighting the need for targeted quality work.
read more →