#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Google | Breaking Cybersecurity News | The Hacker News

Category — Google
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification

Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification

Feb 11, 2025 Mobile Security / Machine Learning
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for the company told The Hacker News when reached for comment. "SafetyCore is a new Google system service for Android 9+ devices that provides the on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users are in control over SafetyCore and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature." SafetyCore (package name "com.google.android.safetycore") was first introduced by Google in October 2024, as part of a set of security measures designed to...
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Feb 04, 2025 Vulnerability / Mobile Security
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class ( UVC ) driver. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, noting that it's aware that it may be under "limited, targeted exploitation." While no other technical details have been offered, Linux kernel developer Greg Kroah-Hartman revealed in early December 2024 that the vulnerability is rooted in the Linux kernel and that it was introduced in version 2.6.26 , which was released in mid-2008. Specifically, it has to do with an out-of-bounds write condition that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named "uvc_parse_format()" i...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Jan 30, 2025 Artificial Intelligence / Data Security
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat Intelligence Group (GTIG) said in a new report. "At present, they primarily use AI for research, troubleshooting code, and creating and localizing content." Government-backed attackers, otherwise known as Advanced Persistent Threat (APT) groups, have sought to use its tools to bolster multiple phases of the attack cycle, including coding and scripting tasks, payload development, gathering information about potential targets, researching publicly known vulnerabilities, and enabling post-compromise activities, such as defense evasion. Describing Iranian APT actors as the "he...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

Jan 24, 2025 Biometric / Mobile Security
Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the move. In doing so, biometric authentication will be required for the following actions - Access saved passwords and passkeys with Google Password Manager Autofill passwords in apps from Google Password Manager, except in Chrome Change screen lock, like PIN, pattern, and password Change biometrics, like Fingerprint or Face Unlock Run a factory reset Turn off Find My Device Turn off any theft protection features View trusted places Turn off Identity Check Set up a new device with your current device Add or remove a Google Account Access Developer options Identity C...
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

Jan 14, 2025 Vulnerability / Data Privacy
New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said in a Monday report.  "And while you can't access old email data, you can use those accounts to log into all the different SaaS products that the organization used." The San Francisco-based company said the issue has the potential to put millions of American users' data at risk simply by purchasing a defunct domain associated with a failed startup and gaining unauthorized access to old employee accounts related to various applications like OpenAI ChatGPT, Slack, Notion, Zoom, and even HR systems. "The most sensitive accou...
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

Jan 10, 2025 Cybersecurity / Android
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code," Samsung said in an advisory for the flaw released in December 2024 as part of its monthly security updates. "The patch adds proper input validation." Google Project Zero researcher Natalie Silvanovich, who discovered and reported the shortcoming, described it as requiring no user interaction to trigger (i.e., zero-click) and a "fun new attack surface" under specific conditions. Particularly, this works if Google Messages is configured for rich communication services ( RCS ), the default configuration on Galaxy S23 and S24 ph...
HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft

HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft

Dec 18, 2024 Email Security / Cloud Security
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical, and industrial compound manufacturing users in Europe. "The campaign's phishing attempts peaked in June 2024, with fake forms created using the HubSpot Free Form Builder service," security researchers Shachar Roitman, Ohad Benyamin Maimon, and William Gamazo said in a report shared with The Hacker News. The attacks involve sending phishing emails with Docusign-themed lures that urge recipients to view a document, which then redirects users to malicious HubSpot Free Form Builder links , from where they are led to a fake Office 365 Outlook Web App login page in order to ste...
INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

Dec 18, 2024 Cyber Fraud / Social engineering
INTERPOL is calling for a linguistic shift that aims to put to an end to the term " pig butchering ," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming forward to seek help and provide information to the authorities," the agency said in a statement. The cryptocurrency theft scheme first appeared in China around 2016, but has since proliferated across the world over the years. It has its origins in the Chinese phrase "杀猪盘" ("shā zhū pán"), which literally translates to "pig butchering," a reference to the practice of fattening a pig before slaughter. In a similar vein, the investment fraud often involves fraudsters contacting prospective targets on social media and da...
Google's New Restore Credentials Tool Simplifies App Login After Android Migration

Google's New Restore Credentials Tool Simplifies App Login After Android Migration

Nov 25, 2024 Mobile Security / Privacy
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android's Credential Manager API , the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. "With Restore Credentials, apps can seamlessly onboard users to their accounts on a new device after they restore their apps and data from their previous device," Google's Neelansh Sahai said . The tech giant said the process occurs automatically in the background when a user restores apps and data from a previous device, enabling apps to sign users back into the respective accounts without requiring any additional interaction. This is accomplished by means of what's called a restore key, which, in reality, is a public key that's compatible with FIDO2 standards such as passkeys. Thus when a user signs in to an app that...
Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

Nov 23, 2024 Cloud Security / Threat Intelligence
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077. The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said . The activity cluster, the company added, overlaps with a threat group that Recorded Future's Insikt Group is tracking as TAG-100 . Attack chains have involved targeting various internet-facing edge devices using publicly available exploits to gain initial access and drop Cobalt Strike as well as open-source malware such as Pantegana and Spark RAT, the cybersecurity company noted back in July. "Over the past decade, following numerous government indictments and the public disclosure of threat actors' activities, tracking and attributing cyber operations originating from China has b...
Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Nov 21, 2024 Artificial Intelligence / Software Security
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets," Google's open-source security team said in a blog post shared with The Hacker News. The OpenSSL vulnerability in question is CVE-2024-9143 (CVSS score: 4.3), an out-of-bounds memory write bug that can result in an application crash or remote code execution. The issue has been addressed in OpenSSL versions 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, and 1.0.2zl. Google, which added the ability to leverage large language models (LLMs) to improve fuzzing coverage in OSS-Fuzz in August 2023, said the vulnerability has likely been present in the codebase for two decades and that it "wo...
Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Nov 18, 2024 Privacy / Email Security
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to the associated primary account, thereby preventing the need for providing the real email address when filling out forms or registering for new services online. The idea of email aliases for improved privacy is not new. Back in 2021, Apple introduced a similar feature called Hide My Email that allows iCloud+ subscribers to generate random burner email addresses. It can also be used to set up new ones in Safari, Mail, and Apple Pay wherever email addresses are required. Other providers like Bitwarden and DuckDuckGo have since also released an analogous feature. It's worth noting that...
Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

Nov 15, 2024 Artificial Intelligence / Vulnerability
Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate our privileges and gain unauthorized access to all data services in the project," Palo Alto Networks Unit 42 researchers Ofir Balassiano and Ofir Shaty said in an analysis published earlier this week. "Deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a serious proprietary and sensitive data exfiltration attack risk." Vertex AI is Google's ML platform for training and deploying custom ML models and artificial intelligence (AI) applications at scale. It was first introduced in May 2021. Crucial to leveraging the privilege escalation flaw is a feature called Vertex AI Pipelines , which allows users to automat...
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Nov 14, 2024 Artificial Intelligence / Cryptocurrency
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said . "The landing pages often mimic well-known sites and create a sense of urgency to manipulate users into purchasing counterfeit products or unrealistic products." Cloaking refers to the practice of serving different content to search engines like Google and users with the ultimate goal of manipulating search rankings and deceiving users. The tech giant said it has also observed a cloaking trend wherein users clicking on ads are redirected via tracking templates to scareware sites that claim their devices are compromised with malware and lead them to other phony customer support sites, w...
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Nov 05, 2024 Mobile Security / Vulnerability
Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories, according to a code commit message . There are currently no details about how the vulnerability is being weaponized in real-world attacks, but Google acknowledged in its monthly bulletin that there are indications it "may be under limited, targeted exploitation." The tech giant has also flagged CVE-2024-43047, a now-patched security bug in Qualcomm chipsets, as having been actively exploited. A use-after-free vulnerability in the Digital Signal Processor (DSP) Service, a successful exploitation of the security flaw could lead to memory corrupti...
Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Nov 04, 2024 Artificial Intelligence / Vulnerability
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software," the Big Sleep team said in a blog post shared with The Hacker News. The vulnerability in question is a stack buffer underflow in SQLite, which occurs when a piece of software references a memory location prior to the beginning of the memory buffer, thereby resulting in a crash or arbitrary code execution. "This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of t...
Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

Oct 09, 2024 Cybercrime / Threat Detection
Google on Wednesday announced a new partnership with the Global Anti-Scam Alliance ( GASA ) and DNS Research Federation ( DNS RF ) to combat online scams . The initiative, which has been codenamed the Global Signal Exchange ( GSE ), is designed to create real-time insights into scams, fraud, and other forms of cybercrime pooling together threat signals from different data sources in order to create more visibility into the facilitators of cybercrime. "By joining forces and establishing a centralized platform, GSE aims to improve the exchange of abuse signals, enabling faster identification and disruption of fraudulent activities across various sectors, platforms and services," Google said in a blog post shared with The Hacker News. "The goal is to create a user-friendly, efficient solution that operates at an internet-scale, and is accessible to qualifying organizations, with GASA and the DNS Research Federation managing access." The tech giant said it has sh...
Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks

Oct 03, 2024 Mobile Security / Technology
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, such as LTE, 4G, and 5G, with a mobile phone cell tower or base station over a radio interface. "This function inherently involves processing external inputs, which may originate from untrusted sources," Sherk Chung and Stephan Chen from the Pixel team, and Roger Piqueras Jover and Ivan Lozano from the company's Android team said in a blog post shared with The Hacker News. "For instance, malicious actors can employ false base stations to inject fabricated or manipulated network packets. In certain protocols like IMS (IP Multimedia Subsystem), this can be executed remotely from any global location using an IMS client." What's more, the firmware powering the...
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Sep 20, 2024 Encryption / Digital Security
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said . The PIN is a six-digit code by default, although it's also possible to create a longer alpha-numeric PIN by selecting "PIN options." This marks a change from the previous status quo where users could only save passkeys to save passkeys to Google Password Manager on Android. While the passkeys could be used on other platforms, it was necessary to scan a QR code using the device where they were generated. The latest change removes that step, making it a lot easier for users to sign in to online services using passkeys by simply scanning their biometrics. Google noted that support for iOS is expected to arrive soon...
Expert Insights / Articles Videos
Cybersecurity Resources