< ciso
brief />
Tag Banner

All news with #google tag

584 articles · page 22 of 30

Google Sues China-Based Operators of PhaaS 'Lighthouse'

⚖️ Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York against China-based operators of the PhaaS kit Lighthouse, which Google says has ensnared over one million users across 120 countries. The platform is accused of powering industrial-scale SMS phishing and smishing campaigns that impersonate trusted brands like E-ZPass and USPS to steal financial data. Google alleges the actors illegally used its trademarks on at least 107 spoofed sign-in templates and seeks to dismantle the infrastructure under the RICO, Lanham Act, and the Computer Fraud and Abuse Act. Security firms link Lighthouse to a broader PhaaS ecosystem including Darcula and Lucid, and to a smishing syndicate tracked as Smishing Triad.
read more →

Google Announces Private AI Compute for Cloud Privacy

🔒 Google on Tuesday introduced Private AI Compute, a cloud privacy capability that aims to deliver on-device-level assurances while harnessing the scale of Gemini models. The service uses Trillium TPUs and Titanium Intelligence Enclaves (TIE) and relies on an AMD-based Trusted Execution Environment to encrypt and isolate memory on trusted nodes. Workloads are mutually attested, cryptographically validated, and ephemeral so inputs and inferences are discarded after each session, with Google stating data remains private to the user — 'not even Google.' An external assessment by NCC Group flagged a low-risk timing side channel in the IP-blinding relay and three attestation implementation issues that Google is mitigating.
read more →

Lightricks Scales Video Diffusion Training with JAX

🚀 Lightricks rewrote its training stack in JAX to scale high-performance video diffusion models on TPUs after hitting limits with PyTorch/XLA. The migration enabled reliable sharding, fixed FlashAttention and data-loading issues, and delivered linear scaling across small and large TPU pods. These improvements translated to ~40% more training steps per day, faster iteration, and doubled team productivity. Their stack leverages Flax, Optax, Orbax, and the MaxText blueprint for robust, testable, and efficient large-scale training.
read more →

How BigQuery Brought Vector Search to Analytics at Scale

🔍 In early 2024 Google introduced native vector search in BigQuery, embedding semantic search directly into the data warehouse to remove the need for separate vector databases. Users can create indexes with a simple CREATE VECTOR INDEX statement and run semantic queries via the VECTOR_SEARCH function or through Python integrations like LangChain. BigQuery provides serverless scaling, asynchronous index refreshes, model rebuilds with no downtime, partitioned indexes, and ScaNN-based TreeAH for improved price/performance, while retaining row- and column-level security and a pay-as-you-go pricing model.
read more →

KONNI APT Abuses Google Find Hub to Wipe Android Devices

🔐 Genians Security Center (GSC) has attributed a recent destructive campaign to the KONNI APT, which abused Google’s Find Hub service to remotely wipe Android phones and tablets. Threat actors distributed a signed MSI via compromised KakaoTalk accounts, installed an AutoIt loader, and stole Google credentials to trigger remote resets when victims were away. GSC describes this as the first confirmed state-linked misuse of Find Hub and recommends stronger authentication, verification for remote wipes, and enhanced EDR and behavioral monitoring.
read more →

Pixnapping vulnerability: Android screen-snooping risk

🔒 A newly disclosed exploit named Pixnapping (CVE-2025-48561) allows a malicious Android app with no special permissions to read screen pixels from other apps and reconstruct sensitive content. The attack chains intent-based off-screen rendering, translucent overlays, and a GPU compression timing side channel to infer pixel values. Google issued a September patch but researchers bypassed it, and a more robust fix is planned.
read more →

North Korean Hackers Abuse Google's Find Hub for Wipes

🔒 Genians Security Center (GSC) reports that North Korea–linked KONNI actors abused Google's Android device‑tracing and management service Find Hub to remotely track and wipe victims' phones. Attackers compromised legitimate Google accounts—often via spear‑phishing impersonating South Korea’s National Tax Service—and used Find Hub to confirm location and issue reset commands that silenced alerts. The campaign also spread malware through compromised KakaoTalk contacts sending apps disguised as 'stress-relief' programs.
read more →

GKE: Unified Platform for Agents, Scale, and Inference

🚀 Google details a broad set of GKE and Kubernetes enhancements announced at KubeCon to address agentic AI, large-scale training, and latency-sensitive inference. GKE introduces Agent Sandbox (gVisor-based) for isolated agent execution and a managed GKE Agent Sandbox with snapshots and optimized compute. The platform also delivers faster autoscaling through Autopilot compute classes, Buffers API, and container image streaming, while inference is accelerated by GKE Inference Gateway, Pod Snapshots, and Inference Quickstart.
read more →

When to Use Sub-Agents Versus Agents as Tools for ADK

🧭 This post explains when to use sub-agents versus packaging agents as tools when building multi-agent systems with Google's Agent Development Kit (ADK). It contrasts agents-as-tools — encapsulated, stateless specialists invoked like deterministic function calls — with sub-agents, which are stateful, context-aware delegates that manage multi-step workflows. The guidance highlights trade-offs across task complexity, context sharing, reusability, and autonomy, and illustrates the patterns with data-agent and travel-planner examples to help architects choose efficient, scalable designs.
read more →

Leak: Google Gemini 3 Pro and Nano Banana 2 Launch Plans

🤖 Google appears set to release two new models: Gemini 3 Pro, optimized for coding and general use, and Nano Banana 2 (codenamed GEMPIX2), focused on realistic image generation. Gemini 3 Pro was listed on Vertex AI as "gemini-3-pro-preview-11-2025" and is expected to begin rolling out in November with a reported 1 million token context window. Nano Banana 2 was also spotted on the Gemini site and could ship as early as December 2025.
read more →

Tiered KV Cache Boosts LLM Performance on GKE with HBM

🚀 LMCache implements a node-local, tiered KV Cache on GKE to extend the GPU HBM-backed Key-Value store into CPU RAM and local SSD, increasing effective cache capacity and hit ratio. In benchmarks using Llama-3.3-70B-Instruct on an A3 mega instance (8×nvidia-h100-mega-80gb), configurations that added RAM and SSD reduced Time-to-First-Token and materially increased token throughput for long system prompts. The results demonstrate a practical approach to scale context windows while balancing cost and latency on GKE.
read more →

Agent Factory Recap: Build AI Apps in Minutes with Google

🤖 This recap of The Agent Factory features Logan Kilpatrick from Google DeepMind demonstrating vibe coding in Google AI Studio, a Build workflow that turns a natural-language app idea into a live prototype in under a minute. Live demos included a virtual food photographer, grounding with Google Maps, the AI Studio Gallery, and a speech-driven "Yap to App" pair programmer. The episode also surveyed agent ecosystem updates—Veo 3.1, Anthropic Skills, and Gemini improvements—and highlighted the shift from models to action-capable systems.
read more →

Build Your First AI Agent Workforce with Google's ADK

🤖 Google’s open-source Agent Development Kit (ADK) simplifies creating autonomous AI agents that use LLMs such as Gemini as their reasoning core. The post presents three hands-on codelabs that guide developers through building a personal assistant agent, adding custom and third-party tools, and orchestrating multi-agent workflows. Each lab demonstrates practical patterns—scaffolding an agent, integrating tools like Google Search and LangChain components, and using Workflow Agents and session state to pass information—so teams can progress from experiment to production-ready agent systems.
read more →

Google Adds Maps Form to Report Review Extortion Scams

📍 Google has introduced a dedicated form for businesses on Google Maps to report extortion attempts where threat actors post inauthentic negative reviews and demand payment to remove them. The move targets review bombing schemes that flood profiles with fake one-star reviews and then coerce owners, often via third-party messaging apps. Google also highlighted related threats — from job and AI impersonation scams to malicious VPN apps and fraud recovery cons — and advised practical precautions for affected merchants and users.
read more →

November 2025 Fraud and Scams Advisory — Key Trends

🔔 Google’s Trust & Safety team published a November 2025 advisory describing rising online scam trends, attacker tactics, and recommended defenses. Analysts highlight key categories — online job scams, negative review extortion, AI product impersonation, malicious VPNs, fraud recovery scams, and seasonal holiday lures — and note increased misuse of AI to scale fraud. The advisory outlines impacts including financial theft, identity fraud, and device or network compromise, and recommends protections such as 2‑Step Verification, Gmail phishing defenses, Google Play Protect, and Safe Browsing Enhanced Protection.
read more →

Google Fraud and Scams Advisory — Nov 2025 Trends Update

🔒 Google’s November 2025 scams advisory outlines rising, increasingly AI-driven fraud tactics and provides concrete protections. Analysts detail six prioritized threats — including online job scams, review-extortion, AI service impersonation, malicious VPNs, fraud-recovery cons, and seasonal holiday schemes — and describe associated malware and credential risks. The post highlights Gmail, Google Messages, Safe Browsing, Play Protect, and account security features like 2‑Step Verification, and gives practical guidance for individuals and merchants.
read more →

Leading Bug Bounty Programs and Market Shifts 2025

🔒 Bug bounty programs remain a core component of security testing in 2025, drawing external researchers to identify flaws across web, mobile, AI, and critical infrastructure. Leading platforms like Bugcrowd, HackerOne, Synack and vendors such as Apple, Google, Microsoft and OpenAI have broadened scopes and increased payouts. Firms now reward full exploit chains and emphasize human-led reconnaissance over purely automated scanning. Programs also support regulatory compliance in critical sectors.
read more →

Building Software Sustainably with AI and Efficiency

🌱 Google presents a Sustainable by Design approach to reduce the environmental footprint of AI and software. The post highlights projects like Green Light and Project Contrails, improvements in hardware efficiency such as Ironwood TPUs, and a fleet-wide Power Usage Effectiveness of 1.09. It introduces the 4Ms—Machine, Model, Mechanisation, Map—to guide infrastructure and development choices. The emphasis is on embedding efficiency across the software lifecycle to cut energy use, costs, and water consumption.
read more →

Google: New AI-Powered Malware Families Deployed

⚠️Google's Threat Intelligence Group reports a surge in malware that integrates large language models to enable dynamic, mid-execution changes—what Google calls "just-in-time" self-modification. Notable examples include the experimental PromptFlux VBScript dropper and the PromptSteal data miner, plus operational threats like FruitShell and QuietVault. Google disabled abused Gemini accounts, removed assets, and is hardening model safeguards while collaborating with law enforcement.
read more →

GTIG report: Adversaries adopt AI for advanced attacks

⚠️ The Google Threat Intelligence Group (GTIG) reports that adversaries are evolving beyond simple productivity uses of AI toward operational misuse. Observed behaviors include state-sponsored actors from North Korea, Iran and the People's Republic of China using AI for reconnaissance, automated phishing lure creation and data exfiltration. The report documents AI-powered malware that can generate and modify malicious scripts in real time and attackers exploiting deceptive prompts to bypass model guardrails. Google says it has disabled assets linked to abuse and applied intelligence to improve classifiers and harden models against misuse.
read more →