All CosmicBytez Labs articles tagged #Google, across news, security advisories, how-to guides, and projects.
Trend Micro researchers discovered a Russian-speaking threat actor named 'bandcampro' who jailbroke Google's open-source Gemini CLI to operate an 8-machine botnet inside a dental clinic, including autonomously migrating C2 infrastructure in just 6 minutes.
Threat actors linked to North Korea's Contagious Interview campaign have published 108 malicious packages and browser extensions across npm, Packagist,...
Google's Threat Intelligence Group and the FBI have dismantled NetNut, a residential proxy network built on 2 million compromised Android smart TVs and...
Working alongside the FBI and Lumen Technologies, Google's Threat Intelligence Group has significantly degraded NetNut — one of the largest networks that...
The Court of Justice of the European Union has dismissed Google's final appeal against a €4.1 billion antitrust fine, confirming that the company...
A malicious extension masquerading as the Perplexity AI answer engine was discovered on the Chrome Web Store, intercepting search traffic and collecting...
Security researchers at Island discovered that 'Adblock for YouTube,' a Chrome extension with over 10 million installs and a Featured badge, contains a...
Google's Threat Intelligence Group discovered and disrupted a sprawling China-nexus espionage campaign that stole RedCAP credentials to silently breach...
Google's Threat Intelligence Group has unmasked UNC6508, a China-linked espionage actor that silently maintained access to critical infrastructure and...
Starting August 3, 2026, Google will use IP addresses from UK, EEA, and Switzerland users for ad measurement and personalization — a reversal of its...
A joint FBI and Google operation took down the Outsider Enterprise phishing platform — responsible for over 9,000 fake sites, nearly 4 million stolen...
A joint FBI and Google operation has dismantled the 'Outsider Enterprise' phishing-as-a-service platform responsible for over 9,000 phishing sites, nearly...
The FBI, Google, and Black Lotus Labs jointly dismantled Outsider Enterprise, a massive Chinese phishing-as-a-service platform that operated over one...
Google's Threat Intelligence Group confirmed in-the-wild exploitation of Oracle PeopleSoft zero-day CVE-2026-35273 by ShinyHunters, even as Oracle...
This week's security roundup covers Google's controversial security team layoffs, Europol's dismantling of the AudiA6 ransomware crypto laundering...
A critical out-of-bounds read and write vulnerability in the Chromium V8 engine allows remote attackers to execute arbitrary code inside a sandbox via a...
An autonomous AI security agent found 21 previously unknown vulnerabilities in FFmpeg, the media library powering countless applications. The same week…
Researchers have uncovered a large-scale SEO poisoning campaign that uses fake open-source and freeware project sites to funnel victims through a Traffic…
Google's June 2026 Android security bulletin addresses 124 vulnerabilities including CVE-2025-48595, an actively exploited zero-day used in limited targeted…
Google's June 2026 Android security update patches 124 vulnerabilities including one zero-day flaw that has been actively exploited in targeted attacks…
Google has released Chrome 148 with patches for 151 security vulnerabilities, including critical-severity flaws that could allow remote code execution....
A Google security engineer was charged with insider trading after winning $1.2 million by placing bets on cryptocurrency-based Polymarket using...
CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet, stripping operators of infrastructure used to inject malware into OSS packages.
CrowdStrike, Google, and Shadowserver simultaneously disrupted GlassWorm C2 channels, ending a supply-chain campaign targeting developers via packages.
Google accidentally leaked information about an unpatched Chromium vulnerability that allows JavaScript to continue running in the background even after...
Google confirms the first AI-generated zero-day in the wild; TeamPCP's Mini Shai-Hulud worm hits TanStack, Mistral AI, and Guardrails AI; Instructure pays...
SecurityWeek reports that Google has confirmed detecting the first known AI-generated zero-day exploit actively used in the wild. The exploit, designed to...
Google Threat Intelligence Group researchers say a zero-day exploit targeting a widely used open-source web administration tool was likely generated using...
Google has disclosed a landmark discovery: an unknown threat actor used an AI system to develop a zero-day exploit in the wild — the first confirmed...
Attackers are running a sophisticated malvertising campaign that hijacks Google Ads and legitimate Claude.ai shared chat sessions to deliver Mac malware...
A critical vulnerability in Google's Gemini CLI allowed an attacker to plant a malicious configuration file that executed commands outside the sandbox,...
Google has patched a maximum severity vulnerability in its Gemini CLI npm package and GitHub Actions workflow that allowed unprivileged attackers to...
A CVSS 9.6 critical use-after-free vulnerability in the GPU component of Google Chrome prior to 147.0.7727.138 allows a remote attacker to potentially...
Microsoft released patches for 167 security vulnerabilities in April 2026, including an actively exploited SharePoint Server zero-day and the publicly...
Google removed over 8.3 billion policy-violating ads and suspended 24.9 million accounts in 2025, while simultaneously rolling out sweeping Android 17...
Google's Threat Intelligence Group has formally attributed the supply chain compromise of the popular Axios npm package to UNC1069, a financially...
Google has patched the fourth Chrome zero-day vulnerability actively exploited in attacks this year, a use-after-free flaw in the Dawn graphics engine...
Google has released a Chrome security update patching 21 vulnerabilities including a high-severity use-after-free zero-day in the Dawn graphics engine...
A new Android malware named NoVoice was discovered hiding in over 50 apps on the Google Play Store, with a combined download count of at least 2.3...
A high-severity heap buffer overflow in Chrome's GPU component allows remote attackers to execute arbitrary code via a crafted HTML page. Affects all...
Google researchers have demonstrated that breaking the elliptic curve cryptography underpinning Bitcoin and Ethereum requires 20x fewer qubits than...
Google is testing a new Android Advanced Protection Mode enforcement in Android 17 Beta 2 that automatically strips non-accessibility apps of their...
Google's Threat Intelligence Group tracked 90 zero-day vulnerabilities actively exploited in 2025, with enterprise software and appliances accounting for...
Google's March 2026 Android security bulletin addresses 129 vulnerabilities, including CVE-2026-21385 — an actively exploited zero-day in a Qualcomm...
Google's Threat Intelligence Group dismantles UNC2814, a China-linked operation that deployed a novel backdoor called GRIDTIDE abusing Google Sheets API...
Indian conglomerate Adani announces a massive $100 billion investment to develop renewable energy-powered AI data centers across India, partnering with...
YouTube experienced a massive global outage on February 17 after a failure in Google's recommendations system cascaded across the entire platform,...
India's AI Impact Summit kicks off February 16 in New Delhi, drawing 20 national leaders, 45 ministerial delegations, and the CEOs of Anthropic, OpenAI,...
Google reports that APT groups from China, Russia, Iran, and North Korea are all actively using Gemini AI for cyber operations including target...
The European Commission grants unconditional antitrust approval for Google's $32 billion all-cash acquisition of cloud security firm Wiz — the largest...
Google activates ML-KEM post-quantum key encapsulation by default in Chrome 134 and announces migration timeline for all Google Cloud TLS connections.
Two severe vulnerabilities in Google Looker, dubbed 'LookOut', could allow attackers to gain complete control of self-hosted deployments affecting 60,000+...