All news with #google tag

NVIDIA Run:ai Model Streamer Adds Cloud Storage Support

🚀 The NVIDIA Run:ai Model Streamer now supports native Google Cloud Storage access, accelerating model load and inference startup for vLLM workloads on GKE. By streaming tensors directly from Cloud Storage into GPU memory and using distributed, NVLink-aware transfers, the streamer dramatically reduces cold-start latency and idle GPU time. Enabling it in vLLM is a single-flag change and it can leverage GKE Workload Identity for secure, keyless access.

PubMed Data in BigQuery to Accelerate Medical Research

🔬 Google Cloud has made PubMed content available as a BigQuery public dataset with integrated vector search via Vertex AI, enabling semantic search across more than 35 million biomedical articles. Both BigQuery and Vertex AI Vector Search are FedRAMP High authorized, allowing organizations to run embedding models and VECTOR_SEARCH queries inside BigQuery. Early adopters like The Princess Máxima Center report literature reviews reduced from hours to minutes, and example SQL plus a demo repo are provided to help teams get started.

Protecting Submarine Cables: Cyber and Physical Security

🔒 Submarine cables carry between 95% and 99% of global data traffic, yet recent breakages — notably ten in the Baltic Sea between 2022 and July 2025 — highlight persistent vulnerabilities. Private operators now control most capacity, and governments and vendors must address both physical threats such as fishing and anchors and increasingly sophisticated cyber risks. Major cloud vendors emphasize route diversity and redundancy while operators like Telxius combine burial, audits, AI/ML detection and continuity planning to protect service availability.

Automated Metadata Generation in Google Data Cloud

🧭 Google announces generally available automated metadata generation in the Google Data Cloud, using Dataplex Universal Catalog and Gemini to convert profiling and schema context into human-readable table and column descriptions. The capability integrates with BigQuery, stores generated descriptions for search and governance, and is accessible via an API. It aims to reduce "metadata debt," accelerate time-to-insight, and provide reliable grounding for AI agents, while still encouraging human review for key business definitions.

CME Group modernizes exchange infrastructure with Cloud SQL

🚀 CME Group partnered with Google Cloud to migrate its critical trading databases to Cloud SQL, aiming to sustain ultra-low-latency operations and reduce operational overhead. The managed service provides built-in observability and AI-assisted insights that surface anomalies and suggest query optimizations, enabling teams to identify root causes in minutes. As a result, administrators focus on strategic improvements while developers iterate faster and collaborate across environments.

Google Extends Android In-Call Scam Protection to US Banks

🔒 Google is expanding its Android in-call scam protection to cover several U.S. financial apps, including Cash App and the JPMorgan Chase mobile banking app. The feature, introduced with Android 16, warns users when they launch a financial app while sharing their screen during a call with an unknown number, presenting a persistent 30-second alert that only allows ending the call. The protection runs on Android 11 and later and remains in a testing phase.

Adversarial Poetry Bypasses AI Guardrails Across Models

✍️ Researchers from Icaro Lab (DexAI), Sapienza University of Rome, and Sant’Anna School found that short poetic prompts can reliably subvert AI safety filters, in some cases achieving 100% success. Using 20 crafted poems and the MLCommons AILuminate benchmark across 25 proprietary and open models, they prompted systems to produce hazardous instructions — from weapons-grade plutonium to steps for deploying RATs. The team observed wide variance by vendor and model family, with some smaller models surprisingly more resistant. The study concludes that stylistic prompts exploit structural alignment weaknesses across providers.

Intellexa Continues Exploitation of Zero-Day Bugs Worldwide

🔍 Google Threat Intelligence Group (GTIG) analysis shows that Intellexa, vendor of the Predator spyware, continues to develop and deploy zero‑day exploits against mobile browsers and operating systems despite sanctions. GTIG attributes 15 unique zero‑days to Intellexa out of roughly 70 discovered since 2021, spanning RCE, sandbox escape, and LPE flaws on iOS, Android, and Chrome. The company uses modular exploit frameworks, acquires exploit chain steps from third parties, delivers payloads via one‑time messaging links and malvertising, and embeds anti‑analysis watcher modules to abort operations on detection.

Building Conversational Genomics with Multi-Agent AI

🧬 Combining Google’s ADK, Gemini, and Cloud infrastructure, this work reframes variant interpretation as a conversational workflow that removes repetitive scripting and context switching. A two-phase design performs heavy VEP annotation once, stores versioned ADK artifacts and public BigQuery datasets, and enables sub-5-second interactive queries via a QueryAgent. Validation with an APOB spike-in demonstrated single-variant precision, compatibility across DeepVariant versions, and scalability to ~8.8M variants.

The AI Fix #79 — Gemini 3, poetry jailbreaks, robot safety

🎧 In episode 79 of The AI Fix, hosts Graham Cluley and Mark Stockley examine the latest surprises from Gemini 3, including boastful comparisons, hallucinations about the year, and reactions from industry players. They also discuss an arXiv paper proposing adversarial poetry as a universal jailbreak for LLMs and the ensuing debate over its provenance. Additional segments cover robot-versus-appliance antics, a controversial AI teddy pulled from sale after disturbing interactions with children, and whether humans need safer robots — or stricter oversight.

Practical Guide to GPU HBM for Fine-Tuning Models in Cloud

🔍 Running into CUDA out-of-memory errors is a common blocker when fine-tuning models; High Bandwidth Memory (HBM) holds model weights, optimizer state, gradients, activations, and framework overhead. The article breaks down those consumers, provides a simple HBM sizing formula, and walks through a 4B-parameter bfloat16 example that illustrates why full fine-tuning can require tens of GBs. It then presents practical mitigations—PEFT with LoRA, quantization and QLoRA, FlashAttention, and multi‑GPU approaches including data/model parallelism and FSDP—plus a sizing guide (16–40+ GB) to help choose the right hardware.

Malicious Chrome and Edge Extensions Threaten Enterprises

🔍 Koi Security revealed a long-running surveillance campaign by an actor it calls 'ShadyPanda' that abused legitimate-seeming Chrome and Edge extensions to harvest browsing data, hijack search results, and deploy a backdoor enabling remote code execution. The group built trust by publishing useful extensions (including Clean Master) and then silently pushed malicious updates that bypassed marketplace re-approval. With an estimated 4.3 million infected browser instances, enterprises should treat browser extensions as high-risk assets and urgently audit and remediate add-ons on corporate and employee devices.

ShadyPanda Browser Extension Campaign Hits 4.3M Users

🛡️ A seven-year browser extension campaign attributed to the actor known as ShadyPanda has infected 4.3 million Chrome and Edge users by operating legitimately for years and then pushing malicious updates. A Koi Security report describes a remote code execution backdoor that affected roughly 300,000 users across five extensions, including Clean Master, and a parallel spyware push via Edge extensions such as WeTab. Malicious updates enabled hourly downloads of arbitrary JavaScript, extensive logging of site visits, exfiltration of encrypted browsing histories, and comprehensive browser fingerprinting.

Google fixes two Android zero-days, 107 vulnerabilities

🔒 Google released its December 2025 Android security bulletin addressing 107 vulnerabilities, including two zero-days (CVE-2025-48633 and CVE-2025-48572) that are reported to be under limited targeted exploitation. The flaws affect Android 13–16 and include information-disclosure and privilege‑escalation issues; the most critical fix this month is CVE-2025-48631 (DoS). Updates also include critical kernel fixes for Qualcomm and closed‑source vendors, and Samsung has ported fixes. Users should apply updates, keep Play Protect active, or move to supported builds.

No-Cost Google Cloud AI Training to Upskill This Holiday

🎁 This holiday season Google Skills provides no-cost AI courses and hands-on labs taught by Google Cloud experts, intended for both technical and non-technical learners. Technical offerings include sandboxed labs covering Gemini Code Assist, Vibe coding, Model Context Protocol (MCP) integration, ADK agents, fine-tuning, and AI infrastructure, with 35 free monthly credits to practice in real environments. Non-technical content emphasizes leadership, Gemini Enterprise, NotebookLM, short practical lessons, and skill badges or certification prep to validate progress.

Amazon Bedrock Adds 18 Fully Managed Open Models Today

🚀 Amazon Bedrock expanded its model catalog with 18 new fully managed open-weight models, the largest single addition to date. The offering includes Gemma 3, Mistral Large 3, NVIDIA Nemotron Nano 2, OpenAI gpt-oss variants and other vendor models. Through a unified API, developers can evaluate, switch, and adopt these models in production without rewriting applications or changing infrastructure. Models are available in supported AWS Regions.

Google patches 107 Android zero-days and critical flaws

🔒 In its December Android Security Bulletin, Google disclosed 107 zero-day vulnerabilities affecting Android and AOSP-based systems, publishing fixes for 51 issues on December 1 and promising the remaining 56 on December 5. Among the patched flaws, two high-severity framework bugs (CVE-2025-48633 and CVE-2025-48572) may be under limited targeted exploitation and affect Android 13–16. The bulletin also lists a critical framework vulnerability (CVE-2025-48631) that can cause a remote denial-of-service without additional privileges. Patches for kernel and third-party components from vendors such as Arm, MediaTek, Qualcomm and others will follow.

Google Issues December Patch for 107 Android Flaws

🔒 Google released its December 2025 Android security update addressing 107 vulnerabilities across Framework, System, Kernel and components from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. Two high-severity Framework defects — CVE-2025-48633 (information disclosure) and CVE-2025-48572 (privilege elevation) — are reported as exploited in the wild. A separate critical Framework issue, CVE-2025-48631, could enable remote DoS without added privileges. Google published two patch levels, 2025-12-01 and 2025-12-05, and users should update promptly when vendors release device-specific builds.

VPC Flow Logs for Cross-Cloud VPN and Interconnect

🔍 Google Cloud has extended VPC Flow Logs to cover Cloud VPN tunnels and VLAN attachments for Cloud Interconnect and Cross-Cloud Interconnect, giving operators fuller visibility into hybrid and cross-cloud traffic. New gateway annotations (reporter and gateway object) add directional context and gateway metadata while logs retain 5-tuple granularity for precise flow identification. Use these logs to find elephant flows, audit Shared VPC hybrid bandwidth, validate DSCP markings, and troubleshoot on-prem-to-cloud connectivity. Logs integrate with Flow Analyzer for in-context analysis, connectivity tests, and natural-language queries.

Cybersecurity M&A Roundup: Giants Strengthen AI Security

🛡️ November 2025 saw a flurry of cybersecurity acquisitions as major vendors raced to embed AI, observability and exposure management across their portfolios. Deals included Palo Alto Networks' $3.35bn purchase of Chronosphere, LevelBlue's completion of its Cybereason acquisition, and Bugcrowd's buy of AI app-security firm Mayhem. Other moves saw Safe Security acquire Balbix, Zscaler buy SPLX, and Arctic Wolf agree to acquire UpSight to bolster ransomware prevention. Collectively these transactions accelerate AI-driven automation and resilience across cloud, endpoint and software security.