< ciso
brief />
Tag Banner

All news with #google tag

584 articles · page 19 of 30

Public Sector Agentic Era: 300 Agents in One Day Showcase

🤖 Google Public Sector ran a #100DaysOfAgents campaign and an interactive Mission District at its October 29, 2025 Public Sector Summit where attendees built 300+ AI agent prototypes using self-serve builder stations. The initiative demonstrates how AI agents can accelerate mission outcomes by automating complex tasks, breaking down data silos, and improving access to services. Prototype examples ranged from a Grid Optimization Analyst to a Water System Transition Planner and an NIH Access Assistant; agents in the library are illustrative, not production-ready. Google invites agencies to partner with experts, prototype with Gemini for Government, and continue development at Google Cloud Next.
read more →

Google Extends Android In-Call Scam Protection to US Banks

🔒 Google is expanding its Android in-call scam protection to cover several U.S. financial apps, including Cash App and the JPMorgan Chase mobile banking app. The feature, introduced with Android 16, warns users when they launch a financial app while sharing their screen during a call with an unknown number, presenting a persistent 30-second alert that only allows ending the call. The protection runs on Android 11 and later and remains in a testing phase.
read more →

Automated Metadata Generation in Google Data Cloud

🧭 Google announces generally available automated metadata generation in the Google Data Cloud, using Dataplex Universal Catalog and Gemini to convert profiling and schema context into human-readable table and column descriptions. The capability integrates with BigQuery, stores generated descriptions for search and governance, and is accessible via an API. It aims to reduce "metadata debt," accelerate time-to-insight, and provide reliable grounding for AI agents, while still encouraging human review for key business definitions.
read more →

Android expands in-call scam protection to banks and fintech

🔒 Android is expanding its pilot for in-call scam protection that detects when users launch participating financial apps while screen sharing during calls from unsaved numbers. The feature warns users, offers a one-tap end-call and stop-sharing option, and enforces a 30-second pause to disrupt social engineering. After UK success and pilots in Brazil and India, Google is rolling pilots with US fintechs including Cash App and banks like JPMorganChase.
read more →

Building Conversational Genomics with Multi-Agent AI

🧬 Combining Google’s ADK, Gemini, and Cloud infrastructure, this work reframes variant interpretation as a conversational workflow that removes repetitive scripting and context switching. A two-phase design performs heavy VEP annotation once, stores versioned ADK artifacts and public BigQuery datasets, and enables sub-5-second interactive queries via a QueryAgent. Validation with an APOB spike-in demonstrated single-variant precision, compatibility across DeepVariant versions, and scalability to ~8.8M variants.
read more →

GKE Turns 10 Hackathon: Winners and Technical Highlights

🚀 The GKE Turns 10 Hackathon showcased developer teams building agentic AI on GKE integrated with Google models such as Gemini. More than 4,700 participants from 133 countries produced 133 projects demonstrating multi-agent pipelines, model orchestration, and microservice integration. Grand prize winner Amie Wei’s Cart-to-Kitchen assistant uses GKE Autopilot, the Agent Development Kit (ADK), and Agent-to-Agent protocols to analyze grocery carts and recommend recipes. Google also announced GEAR, an educational sprint launching in early 2026 to help developers learn, build, and deploy AI agents.
read more →

Google fixes two Android zero-days, 107 vulnerabilities

🔒 Google released its December 2025 Android security bulletin addressing 107 vulnerabilities, including two zero-days (CVE-2025-48633 and CVE-2025-48572) that are reported to be under limited targeted exploitation. The flaws affect Android 13–16 and include information-disclosure and privilege‑escalation issues; the most critical fix this month is CVE-2025-48631 (DoS). Updates also include critical kernel fixes for Qualcomm and closed‑source vendors, and Samsung has ported fixes. Users should apply updates, keep Play Protect active, or move to supported builds.
read more →

Google patches 107 Android zero-days and critical flaws

🔒 In its December Android Security Bulletin, Google disclosed 107 zero-day vulnerabilities affecting Android and AOSP-based systems, publishing fixes for 51 issues on December 1 and promising the remaining 56 on December 5. Among the patched flaws, two high-severity framework bugs (CVE-2025-48633 and CVE-2025-48572) may be under limited targeted exploitation and affect Android 13–16. The bulletin also lists a critical framework vulnerability (CVE-2025-48631) that can cause a remote denial-of-service without additional privileges. Patches for kernel and third-party components from vendors such as Arm, MediaTek, Qualcomm and others will follow.
read more →

Google Issues December Patch for 107 Android Flaws

🔒 Google released its December 2025 Android security update addressing 107 vulnerabilities across Framework, System, Kernel and components from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. Two high-severity Framework defects — CVE-2025-48633 (information disclosure) and CVE-2025-48572 (privilege elevation) — are reported as exploited in the wild. A separate critical Framework issue, CVE-2025-48631, could enable remote DoS without added privileges. Google published two patch levels, 2025-12-01 and 2025-12-05, and users should update promptly when vendors release device-specific builds.
read more →

Google Deletes X Post After Using Stolen Recipe Infographic

🧾 Google removed a promotional X post for NotebookLM after users noted an AI-generated infographic closely mirrored a stuffing recipe from the blog HowSweetEats. The card, produced using Google’s Nano Banana Pro image model, reproduced ingredient lists and structure that matched the original post. After being called out on X, Google quietly deleted the promotion; the episode highlights broader concerns about AI scraping and attribution. The company also confirmed it is testing ads in AI-generated answers alongside citations.
read more →

Threat Actors Abuse Calendar Subscriptions for Attacks

📅 New research from BitSight reveals that threat actors are exploiting third‑party calendar subscription mechanisms to inject malicious events and notifications directly into users' devices. Attackers are leveraging expired or hijacked domains to host deceptive .ics files and run large‑scale social engineering campaigns that can deliver phishing URLs, attachments, or code execution vectors. While this is not a vulnerability in Google Calendar or iCalendar, the findings expose a neglected security blind spot. Organizations and individuals should strengthen monitoring and protections around calendar subscriptions.
read more →

Google Antigravity AI coding tool vulnerable to exploits

⚠️ Google’s AI-assisted coding tool Antigravity, launched in early November, has a critical vulnerability discovered by researchers at Mindgard within 24 hours that can install a persistent backdoor and execute malicious code each time the application starts. The flaw arises because the assistant follows custom user rules unconditionally and gives excessive weight to rules embedded in project source, while a global configuration directory can hold files specifying arbitrary commands that are read and acted on at startup. Mindgard also identified two additional vulnerabilities that could expose user data, and no patch is yet available.
read more →

Researchers Warn of Security Risks in Google Antigravity

⚠️ Google’s newly released Antigravity IDE has drawn security warnings after researchers reported vulnerabilities that can allow malicious repositories to compromise developer workspaces and install persistent backdoors. Mindgard, Adam Swanda, and others disclosed indirect prompt injection and trusted-input handling flaws that could enable data exfiltration and remote command execution. Google says it is aware, has updated its Known Issues page, and is working with product teams to address the reports.
read more →

Gemini 3 Reframes Enterprise Perimeter and Protection

🚧 Gemini 3’s release on 18 November 2025 signals a structural shift: beyond headline performance gains, it accelerates embedding large multimodal assistants directly into enterprise workflows and infrastructure. That continuation of a trend already visible with Microsoft Copilot effectively makes AI assistants a new enterprise perimeter — changing where corporate data, identities, and controls must be enforced. Security, compliance, and IT teams need to update policies, telemetry, and incident response to this expanded boundary.
read more →

Anthropic Claude Opus 4.5 Now Available on Vertex AI

🚀 Anthropic's Claude Opus 4.5 is now generally available on Vertex AI, delivering frontier performance for coding, agents, vision, and office automation at roughly one-third the cost of Opus 4.1. The model introduces advanced agentic tool use—programmatic tool calling (including direct Python execution) and dynamic tool search—plus expanded memory and a 1M-token context window to support long, multi-step tasks. On Vertex AI, Opus 4.5 is offered as a Model-as-a-Service on Google's high-performance infrastructure with prompt caching, efficient batch predictions, provisioned throughput, and enterprise-grade controls for deployment. Organizations can leverage the Agent Builder stack (ADK, A2A, and Agent Engine) and Google Cloud security controls, including Model Armor and Security Command Center protections, to accelerate production agents while managing cost and risk.
read more →

Fortinet, Chrome 0-days and Supply-Chain Attacks Recap

⚠️ This week’s recap spotlights multiple actively exploited vulnerabilities, supply‑chain compromises, and a record cloud DDoS that forced rapid vendor responses. Fortinet disclosed a FortiWeb OS command injection (CVE-2025-58034) that was observed chained with a recent critical fix, raising concerns about silent patching and disclosure timing. Google patched an actively exploited Chrome V8 0‑day (CVE-2025-13223), and attackers continued to abuse browser notifications, malicious updates, and SaaS integrations to phish and persist. The incidents underscore urgent priorities: patch quickly, scrutinize integrations, and strengthen monitoring and response.
read more →

TalayLink Subsea Cable Connects Australia and Thailand

🌐 Today Google is announcing TalayLink, a new subsea cable that will extend the previously announced interlink cable from the Australia Connect initiative to establish a diverse path between Australia and Thailand via the Indian Ocean. The project includes planned connectivity hubs in Mandurah (Western Australia) and South Thailand, the latter in partnership with AIS, plus local landing support from IGC. These investments are designed to integrate Google Cloud’s upcoming Thailand region and data center into its global network, improving resilience, routing diversity, and onward connectivity across the Indian Ocean.
read more →

Google adds Pixel-to-iPhone file sharing via Quick Share

📱 Google has made Quick Share interoperable with Apple's AirDrop, enabling two-way file transfers between Pixel devices and iPhones starting with the Pixel 10 family. The implementation uses AirDrop's "Everyone for 10 minutes" direct, device-to-device mode with no server intermediaries. Google says it applied threat modeling, internal security and privacy reviews, Rust parsing to reduce memory risks, and independent NetSPI testing. Users must manually confirm recipients before sharing.
read more →

Vertex AI Studio adds Gemini tools for faster builds

🚀 Vertex AI Studio now centers developer workflows around Gemini and introduces agents-as-tools to streamline prompt engineering and app creation. The Studio adds three core agent commands — /Prompt, /Evaluate, and /Build — to refine prompts, assess outputs with custom autoraters, and generate working code. Team features include cross-account prompt sharing, version history, and notes. Onboarding is simplified with one-click API keys, an /Ask helper, express mode, and loginless model trials.
read more →

Gemini CLI Adds Looker Extensions for Terminal Data Access

🚀 The Gemini CLI now includes Looker and Looker Conversational Analytics extensions, enabling direct terminal access to Looker data and dashboards. These additions let users ask complex questions, generate reports, and create dashboards without leaving the command line. Installation requires the Gemini CLI (npm), the two extensions, and configuration of Looker API credentials and optional Google Cloud settings. The update aims to streamline workflows and make data exploration more accessible from everyday development environments.
read more →