< ciso brief />

All news with #google tag

516 articles · page 25 of 26

Pixel 10 Adds C2PA Content Credentials and Trusted Imaging

📷 Google announced Pixel 10 phones will embed C2PA Content Credentials in every photo captured by the native Pixel Camera and display verification in Google Photos. The Pixel Camera app achieved Assurance Level 2 by combining Tensor G5, the certified Titan M2 security chip, and Android hardware-backed attestation. A privacy-first model uses anonymous enrollment, a strict no-logging policy, and a one-time certificate-per-image strategy to prevent linking. Pixel 10 also supports an on-device trusted timestamping mechanism so credentials remain verifiable offline.

Google Gen AI Training and Certification for Veterans

🎖️ Google Public Sector is opening registration for a no-cost, three-week virtual program, Google Launchpad for Veterans, offering foundational generative AI training and a path to the Gen AI Leader certification. The Gen AI Leader training includes a two-day kickoff on November 13–14, optional exam prep sessions, and a complimentary exam voucher. Participants will learn core LLM concepts, how to navigate the AI ecosystem, and practical business applications using Gemini and NotebookLM to drive organizational transformation.

BigQuery's CMETA: Column Metadata Index for Scale Performance

🔍 BigQuery's new Column Metadata (CMETA) index is an automated, highly scalable metadata index that improves query pruning and reduces compute for extremely large tables. CMETA stores snapshots of block- and column-level statistics and is maintained transparently by BigQuery with no user intervention. Early adopters report up to 60x faster queries and up to 10x lower slot usage for selective filters, particularly on clustered columns.

Google to Let Users Set AI Mode as Default Search Option

🔎 Google will let users set AI mode as their default search tab, replacing the traditional blue links view for those who opt in. The change will be user-controlled via a toggle or button so individuals can choose AI-driven summaries as their primary experience while the classic Web tab remains accessible. Google says it is studying the impact on ads and publishers.

EU Fines Google €2.95B for Anti-Competitive Adtech

⚖️ The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favoring its adtech services over competitors. The regulator ordered Google to stop anti-competitive "self-preferencing" practices and to take measures to mitigate conflicts of interest in adtech. Google said the decision is wrong and plans to appeal, warning the changes could harm thousands of European businesses. Separately, France's CNIL fined Google €325 million for placing ads in Gmail without proper consent and violating cookie rules.

France Fines Google €325M for Cookie Consent Breaches

⚖ The French data protection authority CNIL has fined Google €325 million for placing advertising cookies and showing ads in Gmail's 'Promotions' and 'Social' tabs without valid user consent after investigations in 2022–2023. CNIL found Google failed to inform new account holders that accepting advertising cookies was required to access services, breaching Article L.34-5 and the French Data Protection Act (Article 82). The authority said the cookie-related practices affected over 74 million accounts (53 million individuals saw the ads), described the conduct as negligent and cited prior sanctions; it also fined Shein €150 million the same day for separate cookie violations.

France Fines Google €325M and Shein €150M Over Cookies

⚖️ The French data protection authority, CNIL, has fined Google €325 million ($379 million) and Shein €150 million ($175 million) for placing advertising cookies without valid consent. CNIL found users were nudged to accept personalized ad cookies during Google account creation and that information remained unclear even after an opt-out option was added in October 2023. The regulator also said targeted ads placed inside Gmail's Promotions and Social tabs required explicit consent under the CPCE. Shein has updated systems and plans to appeal; Google must comply within six months or face €100,000-per-day penalties.

Target modernizes search with hybrid AlloyDB AI platform

🔍 Target rebuilt its on-site search to combine lexical keyword matching with semantic vector retrieval, using AlloyDB AI to power filtered vector queries at scale. The engineering team implemented a multi-index architecture and a multi-channel relevance framework so hybrid queries can apply native SQL filters alongside vector similarity. The overhaul produced measurable gains — ~20% improvement in product discovery relevance, halved "no results" occurrences, and large latency reductions — while consolidating the stack and accelerating development.

Google fixes actively exploited Android flaws in September

🔒 Google has released the September 2025 Android security update addressing 84 vulnerabilities, including two zero-day flaws observed in limited, targeted exploitation: CVE-2025-38352 (Linux kernel) and CVE-2025-48543 (Android Runtime). The bulletin also patches four critical issues — including an RCE in the System component and three Qualcomm vulnerabilities affecting modem and data stacks. Users are urged to install security patch level 2025-09-01 or 2025-09-05 via Settings > System > Software updates > System update.

Google ships September Android patches for 120 flaws

🔒 Google has released its September 2025 Android security updates addressing 120 vulnerabilities, including two issues that Google says have been exploited in limited, targeted attacks. The two highlighted flaws are CVE-2025-38352 (CVSS 7.4), affecting the Linux Kernel, and CVE-2025-48543, impacting the Android Runtime; both can enable local privilege escalation with no user interaction. Google issued patch levels 2025-09-01 and 2025-09-05 to let partners deploy common fixes more quickly and credited Benoît Sevens of TAG with reporting the kernel issue.

Indirect Prompt-Injection Threats to LLM Assistants

🔐 New research demonstrates practical, dangerous promptware attacks that exploit common interactions—calendar invites, emails, and shared documents—to manipulate LLM-powered assistants. The paper "Invitation Is All You Need!" evaluates 14 attack scenarios against Gemini-powered assistants and introduces a TARA framework to quantify risk. The authors reported 73% of identified threats as High-Critical and disclosed findings to Google, which deployed mitigations. Attacks include context and memory poisoning, tool misuse, automatic agent/app invocation, and on-device lateral movement affecting smart-home and device control.

Google Refutes Claims of Mass Gmail Password Alert

🔔 Google has disputed reports that it issued a blanket warning asking 2.5 billion Gmail users to reset passwords following a recent breach that allegedly affected some Workspace accounts. In a Monday blog post the company called those headlines false and emphasized that Gmail's protections block over 99.9% of phishing and malware. Google advised users to enable two-step verification and adopt passkeys, and it criticized the spread of unverified claims by media and security vendors.

Salesloft Drift Supply-Chain Attacks Also Hit Google

🔒 Google and security vendors say the Salesloft Drift supply-chain campaign is broader than initially reported. Threat actors tracked as UNC6395 harvested OAuth tokens from the Salesloft Drift integration with Salesforce and also accessed a very small number of Google Workspace accounts. Organizations should treat any tokens connected to Drift as potentially compromised, revoke and rotate credentials, review third-party integrations, and investigate connected systems for signs of unauthorized access.

Nx npm Package Hijacked to Exfiltrate Data via AI Toolchain

🛡️ Malicious updates to the Nx npm package were published on 26 August, briefly delivering AI-assisted data‑stealing malware to developer systems. The infected releases injected crafted prompts into local AI CLIs (Anthropic’s Claude, Google Gemini, Amazon Q) to locate GitHub/npm tokens, SSH keys, .env secrets and cryptocurrency wallets, then encoded and uploaded the harvest by creating public repositories under victims' accounts. StepSecurity says eight compromised versions were live for five hours and 20 minutes and that attackers subsequently weaponized stolen GitHub CLI OAuth tokens to expose and fork private organization repositories. Recommended mitigation includes revoking tokens and SSH/GPG keys, making exposed repos private, disconnecting affected users and following a full remediation plan.

Google: Salesloft Drift OAuth Breach Impacts Integrations

🔐 Google and Mandiant warn Salesloft Drift customers that OAuth tokens tied to the Drift platform should be treated as potentially compromised. Stolen tokens for the Drift Email integration were used to access email from a small number of Google Workspace accounts on August 9, 2025; Google stressed this is not a compromise of Workspace or Alphabet. Google revoked affected tokens, disabled the Workspace–Drift integration, and is urging customers to review, revoke, and rotate credentials across all Drift-connected integrations while investigations continue.

Google warns Salesloft breach hit some Workspace accounts

🔒 Google warns that the Salesloft Drift compromise is larger than first reported and included theft of OAuth tokens beyond the Salesforce integration. Threat actors used stolen tokens tied to the Drift Email integration to access a very small number of Google Workspace email accounts on August 9. Google says the tokens have been revoked, the Drift–Workspace integration is disabled, and affected customers were notified. Organizations using Drift should revoke and rotate all connected authentication tokens and review integrations for exposed secrets.

Google provides ChromeOS workarounds for ClassLink/Clever

⚠️ Google is investigating authentication failures that prevent sign-ins to Clever and ClassLink on affected ChromeOS devices running build 16328.55.0 with Chrome 139.0.7258.137. The problem can disrupt Single Sign‑On and some 2‑Step Verification flows, blocking access to educational platforms. As temporary mitigations, administrators can roll back devices to ChromeOS M138 via the Google Admin console or change LoginAuthenticationBehavior to use the default GAIA authentication flow while Google validates a fix.

Container-Optimized Compute Delivers Fast Autopilot Scaling

🚀 GKE Autopilot now runs on a container-optimized compute platform that rethinks autoscaling to deliver near-real-time capacity. The platform uses dynamically resizable VMs and a pool of pre-provisioned compute so nodes can be resized or allocated without disrupting workloads. Customers on GKE Autopilot 1.32+ get faster pod scheduling, improved HPA responsiveness, and support for in-place pod resize out of the box. Google recommends the general purpose compute class for small, gradually scaling services.

Gemini Available On-Premises with Google Distributed Cloud

🚀 Gemini on Google Distributed Cloud (GDC) is now generally available for customers, bringing Google’s advanced Gemini models on‑premises with GA for air‑gapped deployments and a connected preview. The solution provides managed Gemini endpoints with zero‑touch updates, automatic load balancing and autoscaling, and integrates with Vertex AI and preview agents. It pairs Gemini 2.5 Flash and Pro with NVIDIA Hopper and Blackwell accelerators and includes audit logging, access controls, and support for Confidential Computing (Intel TDX and NVIDIA) to meet strict data residency, sovereignty, and compliance requirements.

Storage Insights datasets optimize Cloud Storage spend

📊 Storage Insights datasets put object and bucket metadata into a BigQuery-linked dataset that refreshes automatically, enabling detailed analysis of storage spend, distribution, lifecycle and Autoclass usage. Administrators can run SQL queries or use Gemini Cloud Assist for natural-language insights, then feed outputs into serverless batch operations to relocate, transition or delete data at scale. The feature supports organization-, folder-, project- or bucket-scoped datasets with daily updates and up to 90-day retention for operational and FinOps workflows.