< ciso
brief />
Tag Banner

All news with #google tag

584 articles · page 9 of 30

Gemma 4 Now Available Across Google Cloud Ecosystem

🔒 Gemma 4 is now available on Google Cloud as an open, commercially permissive (Apache 2.0) family of models with context windows up to 256K, native vision and audio processing, and support for over 140 languages. Enterprises can deploy and fine-tune Gemma 4 via Vertex AI, serve inference serverlessly on Cloud Run, or run production workloads on GKE and TPUs. The release highlights data residency and compliance through Sovereign Cloud options and open weights, enabling secure, controlled AI deployments.
read more →

NoVoice Android Malware on Google Play Infects Millions

📱 Researchers at McAfee uncovered NoVoice, an Android rootkit hidden in more than 50 Google Play apps that were downloaded at least 2.3 million times. The apps requested no suspicious permissions and used steganography to hide an encrypted APK payload that exploits historically patched kernel and driver vulnerabilities to gain root. Once rooted, the implant replaces system libraries, disables SELinux, and installs persistent recovery scripts and a watchdog so the rootkit survives factory resets. McAfee reported the apps and Google removed them, but previously infected devices should be considered compromised.
read more →

Top Infrastructure and GKE Sessions at Cloud Next '26

📣 This guide highlights the Infrastructure and GKE sessions at Cloud Next '26, offering a curated set of technical breakouts across Compute, AI infrastructure, migration, modernization, and scale. Attend spotlights and deep dives to hear from Google leaders and engineering teams about Gemini, Google Distributed Cloud, and the AI Hypercomputer. Sessions cover TPU/GPU roadmaps, high‑performance compute, agentic AI pipelines, and practical migration and FinOps strategies designed to help organizations build resilient, AI‑ready infrastructure.
read more →

Google rolls out Android developer verification plan

🔒 Google has begun rolling out a new Android developer verification system designed to reduce malicious apps and strengthen platform security. The scheme requires developers to verify their identities and register apps, notably when distributing software outside Google Play; eligible Play apps will be auto-registered. Unregistered apps may later require an advanced sideloading flow or ADB, while Google stages enforcement from April 2026 and expands globally after 2027.
read more →

Google Patches Chrome Zero-Day CVE-2026-5281 Exploit

🔒 Google released updates for Chrome to fix 21 vulnerabilities, including a zero-day (CVE-2026-5281) that has been exploited in the wild. Dawn, the WebGPU implementation, contains a use-after-free bug allowing a remote attacker with access to the renderer process to execute arbitrary code via crafted HTML. Users should update to versions 146.0.7680.177/178 on Windows and macOS and 146.0.7680.177 on Linux, and ensure Chromium-based browsers receive vendor patches.
read more →

Google fixes fourth Chrome zero-day exploited in 2026

⚠️ Google released emergency updates to fix a fourth actively exploited Chrome zero-day, tracked as CVE-2026-5281. The issue is a use-after-free in Dawn, Chromium's implementation of the WebGPU standard, and can cause crashes, rendering problems, or data corruption. Patches are available on Stable Desktop for Windows, macOS (146.0.7680.177/178), and Linux (146.0.7680.177); rollouts may take days, but updates are immediately available when checking.
read more →

Google Links UNC1069 to Trojanized Axios npm Package

🛡️ Google's Threat Intelligence Group has attributed a supply chain compromise of the popular Axios npm package to a suspected North Korean cluster tracked as UNC1069. Attackers seized a maintainer npm account and pushed trojanized releases (1.14.1 and 0.30.4) that added a malicious dependency, plain-crypto-js. That dependency used a postinstall hook to deploy an obfuscated dropper (SILKBELL) which fetched OS-specific payloads and ultimately installed the WAVESHAPER.V2 backdoor. Organizations should audit dependency trees, search node_modules for plain-crypto-js, isolate affected hosts, block the C2 domain sfrclak[.]com, and rotate credentials.
read more →

Google Drive Enables Ransomware Detection by Default

🛡️ Google has made its AI-powered Google Drive ransomware detection generally available and enabled it by default for paying Workspace customers. The feature scans files as they sync from desktop computers and pauses Drive syncing when ransomware-encrypted files are detected, alerting users and admins. It provides guided instructions and a Drive restoration tool to recover corrupted files, and Google says its latest model detects 14x more infections. Admins may disable the feature in the Admin console, and endpoints need Drive for desktop v.114+ for full alerting functionality.
read more →

Google Lets U.S. Users Change Their @gmail Address Now

✉️ Google is rolling out a U.S. option that lets users change the username portion of their @gmail.com address or add a new alias. The update is available from Google Account settings and requires selecting a unique new username; changes propagate across services such as Gmail, Photos, and Drive. If the toggle is missing, the feature isn’t yet available for that account or region. Google says the old username will remain linked to the account and will not be reissued.
read more →

Android Developer Verification Rolls Out Ahead of Mandate

🔒 Google has begun rolling out Android developer verification, requiring developers who distribute apps outside Google Play to create an account in the Android Developer Console to confirm their identity. The rollout precedes a September enforcement in Brazil, Indonesia, Singapore, and Thailand, with global expansion planned next year. Sideloading of unregistered APKs remains possible for power users via an advanced flow that includes an authentication step and a one-off 24-hour waiting period to deter scammers.
read more →

Customers Achieve Scale and Flexibility with Spanner

🚀 Google Cloud Spanner’s interoperable multi-model capabilities are being adopted by customers to run relational, graph, vector, and full-text workloads together at global scale. Real-world examples across fraud detection, recommendation engines, hybrid search, and autonomous network operations show consolidation of database sprawl, elimination of ETL, and improved real-time analytics. Customers such as DANA, Palo Alto Networks, Target and Inspira highlight Spanner’s global consistency, native graph and vector search, and high availability as enablers of simpler, future-proof architectures.
read more →

Spanner's Multi-Model Advantage for Agentic AI in Production

🔍Spanner positions itself as a unified, globally consistent database designed for agentic AI by combining relational, key-value, graph, vector and full-text search capabilities in one platform. The post argues this interoperable multi-model approach reduces data silos, removes brittle synchronization logic, and improves governance, availability, and development velocity. Google highlights features such as GQL graph support, a Cassandra native endpoint for lift-and-shift, and ScaNN-based ANN vector search. The customer example of MakeMyTrip illustrates significant operational simplification and faster AI feature delivery.
read more →

Google VRP 2025 Year in Review: Growth and Milestones

🛡️ In 2025 Google’s Vulnerability Reward Program (VRP) celebrated its 15th anniversary and awarded over $17 million to more than 700 researchers worldwide — a 40%+ increase versus 2024. The year introduced a standalone AI VRP, extended Chrome rewards for AI features, and launched a patch rewards program for OSV-SCALIBR. Multiple bugSWAT events and the ESCAL8 conference generated hundreds of reports and significant payouts. Google reaffirms its commitment to collaboration, transparency, and continued events in 2026.
read more →

AI-Driven Sustainability Reporting and Infrastructure

⚙️ Google and partners are applying generative AI to streamline environmental reporting and infrastructure. Internally, Google used Gemini to auto-validate claims against policies and NotebookLM to convert static reports into an interactive, cited knowledge base. Equinix built a Sustainability Data Lake on BigQuery, ingesting data from 240+ sites to shift from manual spreadsheets to on-demand insights. The approach pairs serverless architecture and carbon-intelligent infrastructure to cut cost, compute waste, and reporting cycle time.
read more →

Evolving Expectations of What's Possible with AI in Privacy

🔒 Kent Walker, Google's President of Global Affairs, outlined how rapidly evolving user expectations are shaping AI development at the IAPP Global Summit 2026. He highlighted Personal Intelligence in Search and the Ukraine national assistant Diia.AI as examples of context-aware, task-oriented assistants. Google’s rollout approach emphasizes trusted testers, staged expansion, continuous feedback, and clear controls over agents’ access, while applying guardrails such as Gemini avoiding proactive assumptions. Walker urged investment in privacy-enhancing technologies, new transparency models, and global standards to align data protection with these innovations.
read more →

Google Warns: Quantum Threat to Encryption by 2029

🔒 Google warns that advances in quantum computing could render widely used public-key cryptography vulnerable as early as 2029, increasing the risk of store-now-decrypt-later attacks. The company points to progress in quantum hardware, error correction and factoring resource estimates that compress migration timelines. To reduce exposure, Google will include post-quantum digital signature protection in Android 17, aligned with NIST recommendations. It urges organizations to treat post-quantum cryptography migration as an immediate operational priority rather than a distant compliance task.
read more →

Google Accelerates Post-Quantum Migration Deadline to 2029

🔒Google announced it is accelerating its post-quantum cryptography migration, setting 2029 as the new target to phase out quantum-vulnerable algorithms and prioritizing PQC for authentication services. The company cites rapid improvements in quantum hardware, error correction and algorithmic estimates that drastically reduce the qubit requirements to break common asymmetric encryption. Google urged other engineering teams and hyperscalers to follow suit, warning that adversaries may already be collecting encrypted data for future decryption.
read more →

ThreatsDay Bulletin: PQC Push, AI Bugs, Pirated Backdoors

🔔 This week’s ThreatsDay Bulletin captures a quieter, sneakier cadence: big-picture progress on cryptography and AI set against a steady churn of pragmatic abuse. Google accelerated a PQC migration to 2029 and GitHub is bringing AI-powered detections into the PR workflow, while threat actors keep innovating around trust — using pirated ISOs, fake extensions, firmware implants and clever phishing to scale backdoors, credential theft and fraud. The common thread is operational efficiency: takedowns and disruptions are temporary, but the workflows keep returning.
read more →

Android 17 Adopts NIST Post-Quantum Standards Platform

🔒 Google is introducing post-quantum cryptography support in Android 17, integrating NIST’s lattice-based standards into boot, keystore, and app signing to establish a quantum-resistant chain of trust. The release adds ML-DSA to Android Verified Boot and migrates KeyMint certificate chains and Remote Attestation toward PQC compliance. Developers gain native support for ML-DSA-65 and ML-DSA-87 via the KeyPairGenerator API, and Google Play will offer hybrid APK signing with keys managed by Google Cloud KMS to preserve compatibility during migration.
read more →

Google Sets 2029 Timeline for Post-Quantum Migration

🔐 Google announces a company-wide timeline targeting 2029 for migration to post-quantum cryptography (PQC) to protect against future quantum threats. The timeline reflects advances in quantum hardware, error correction, and factoring estimates, and prioritizes PQC for authentication services to guard digital signatures. Google cites ongoing integrations — including Android 17 using ML-DSA, Chrome support, and Cloud offerings — as concrete commitments and urges other teams and organizations to accelerate their own migrations.
read more →