Description: A significant search engine optimization (SEO) campaign hacked over 15,000 websites. The threat actors set up the attack to divert website visitors to phoney Q&A discussion boards. The attacks were mostly discovered by Sucuri, and according to analysis, each compromised site that is utilized as a part of the plan comprises about 20,000 files used in the campaign to spam search engines, with WordPress making up the majority of the sites. The threat actors probably tried to conduct ad fraud.

Description: Cybersecurity and Infrastructure Security Agency (CISA) added the Google Chrome zero-day to its catalog of exploited vulnerabilities. The bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed. An attacker could exploit the vulnerability and compromise a victim when they simply visit a website that hosts malicious HTML code.

Description: Google commenced notifying its staff members of a breach of data that happened at a third-party company that provides benefits. Google Inc. began informing the concerned parties of an email gaffe that resulted in a data breach containing their private and sensitive information. The revelation followed the discovery by a vendor specialising in employee/staff benefits administration services that an email containing confidential, sensitive data about Google personnel had been accidentally forwarded to the incorrect recipient. Based on preliminary reports, no evidence of misuse, abuse, or malevolent intent was found. Additionally, according to logs from both parties, no one else has willfully seen, stored, or released this document locally, remotely, or to any other party.

Description: Google's Advanced Protection Program (APP) users faced targeted digital attack risks but now have access to passkeys, a cryptographic authentication system offering a higher security level than passwords. Passkeys, which can be stored locally and protected with biometrics or a pin, are less susceptible to phishing and do not require carrying an additional physical token. This shift enhances security for public figures and those involved in controversial work who are at high risk. Despite being a significant step forward in cybersecurity, there's no indication that user data has been compromised as a result of previous vulnerabilities.

Description: Google has rolled out passkeys to users of its Advanced Protection Program (APP), enhancing account security for individuals at risk of targeted digital attacks. Passkeys, a cryptographic authentication replacement for passwords, offer a higher security level by being stored locally and protected by biometric or PIN verification. Google's initiative addresses the explosive growth of digital crime, simplifying and strengthening user protection against phishing and fraud, especially for users in the public eye or engaging in controversial work. While previously dependent on hardware tokens for two-factor authentication, APP now provides the convenience of passkeys without compromising on security, thus sustaining user trust by mitigating potential risks associated with compromised account credentials.

Description: Google Play was infiltrated by Mandrake Android spyware, resulting in over 32,000 downloads of compromised apps since 2022. This sophisticated malware allowed attackers complete control over infected devices, securing sensitive data exfiltration, and used a 'seppuku' feature for self-removal after its malicious deeds, thus leaving no traces. Despite the apps remaining undetected on the official platform for a significant period, most affected users are from countries like Canada, Germany, Italy, Mexico, Spain, Peru, and the UK, with one app alone achieving over 30,000 downloads. The discovery underscores the evolving tactics of attackers and the challenges faced by marketplaces in preventing sophisticated threats.

Description: Over 32,000 users have been impacted by the Mandrake Android spyware, which was embedded in five apps on the Google Play Store. This malicious software enabled attackers to gain full control of infected devices and exfiltrate personal data. The spyware employed sophisticated evasion and obfuscation techniques, including the hiding of its malicious payload in native libraries and implementing a kill-switch to remove all traces of its presence. Despite the advanced nature of the attack, the apps remained undetected on the official marketplace for an extended period, evidencing the significant threat and potential impact on users' privacy and security.

Description: McAfee researchers discovered 15 SpyLoan Android apps on Google Play that had been downloaded over 8 million times. These apps targeted users mostly in South America, Southeast Asia, and Africa by masquerading as legitimate financial aid applications. They implemented social engineering techniques to extort sensitive user data and permissions that could lead to harassment and financial loss. The malicious activities promoted through deceptive ads led users to install apps that exploit personal data. Once installed, the apps asked for inappropriate permissions, resulting in various privacy infringements. Victims were subjected to intimidation and threats, with one operation linked to a call center in Peru harassing over 7,000 individuals across multiple countries.

Description: McAfee researchers uncovered 15 SpyLoan Android apps available on Google Play, cumulatively achieving over 8 million installs, mainly targeting users across South America, Southeast Asia, and Africa. These apps engaged in social engineering tactics to siphon off sensitive user data and gain excessive permissions, leading to incidents of extortion, harassment, and considerable financial loss for the users. As a result of these malicious activities, some applications were taken down by Google for breaching Google Play policies, while others underwent updates by their developers to comply with regulations. Victims of these SpyLoan apps experienced various threats, including misuse of personal data and aggressive harassment strategies such as spamming contacts and leveraging personal photos or IDs for intimidation.

Description: The SpyLend malware, distributed through Google Play as the app 'Finance Simplified', targeted Indian users and facilitated financial crimes. Infected over 100,000 devices, the malware offered fake loan applications that captured extensive personal data, including contacts, call logs, and photos. This accessed sensitive information was then utilized for blackmail and extortion, with some cases involving manipulated victims' photos. Despite negative reviews on Google Play, the app's rapid download growth within a week and the misuse of personal data for predatory practices highlight a significant lapse in app store security and user safety.

Description: Images of the upcoming Google Pixel 9a have allegedly leaked, showing the colors and design of the device, including AI features and other hardware details. The leaks, including those from tipster Evan Blass, hint at the absence of the signature Pixel camera visor, among other features. These leaks may impact the anticipation and marketing strategies for the release of the Pixel 9a. As the leaks continue, they potentially affect customer expectations and company reputation, even though the actual device specifics are yet to be confirmed.

Description: Google confirmed a critical security flaw in Chrome affecting billions on various platforms. Identified as CVE-2025-2476, this critical memory vulnerability in the Chrome Lens component allows execution of arbitrary code via crafted web pages. Reported by SungKwon Lee, the use-after-free issue poses a threat to user data and system control, prompting an urgent update. Pre-update versions of Chrome on Windows, Mac, Linux, and Android are susceptible to heap corruption and potential system compromise. Users with privileges are at risk of unauthorized program installation, data access, and system control. Google addressed the vulnerability with updates in March 2025 and advised immediate user action to secure systems.

Description: Google Chrome encountered a critical zero-day vulnerability identified as CVE-2025-2783, being exploited through a campaign named Operation ForumTroll. Targeting various institutions, the flaw allowed attackers to escape Chrome’s sandbox, potentially enabling them to execute arbitrary code on victims' systems, with minimal interaction. Despite a prompt patch release in Chrome version 134.0.6998.177/.178, the situation posed espionage risks, likely attributed to an APT group's involvement. Organizations were urged to upgrade their browsers and enhance security protocols to prevent exploitation.

Description: A significant security vulnerability, known as 'ImageRunner', was identified in Google Cloud Platform affecting Google Artifact Registry and Google Container Registry. The issue allowed escalated privileges to access private container images, risking data leaks and unauthorized access. Although fixed, the vulnerability could enable attackers to exploit permissions via Cloud Run to extract sensitive information or infiltrate cloud resources. The exploit required specific Cloud Run edit permissions and could be utilized to create a malicious revision to exfiltrate data or compromise the service. Google addressed this by requiring explicit permissions for accessing container images during Cloud Run deployments.

Description: In its May 2025 Android Security Bulletin, Google addressed 47 distinct flaws in the Android platform, including one zero-day vulnerability (CVE-2025-27363) actively exploited in the wild. The critical issue resides in the FreeType font library, which millions of devices use to render text. A specially crafted TrueType GX or variable font file can trigger an out-of-bounds write, allowing an attacker to run arbitrary code at the system level without any user interaction. Facebook first flagged the exploit in March, warning that threat actors may already have weaponized it. The vulnerability affects all Android versions embedding vulnerable FreeType releases prior to 2.13.0, and until devices receive the May update, they remain exposed. Google has notified OEM partners at least one month before public disclosure, but patch availability will vary by brand and model. Users are strongly advised to install the May 5, 2025 (or later) security update as soon as it appears on their device and to run active anti-malware protection to guard against potential attacks leveraging this flaw.

Description: Google released an emergency update for the Chrome browser to patch an actively exploited vulnerability that could allow attackers to steal sensitive information. The vulnerability, tracked as CVE-2025-4664, affects the Chrome Loader component, which manages resource requests. The flaw allows attackers to set a referrer-policy in the Link header, causing Chrome to include full URLs with sensitive query parameters. This could lead to the theft of OAuth tokens, session identifiers, and other private data. Users are advised to update their Chrome browsers immediately to versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux.

Description: A critical vulnerability in Arm’s Mali GPU driver has been discovered, allowing malicious Android applications to bypass Memory Tagging Extension (MTE) protections and achieve arbitrary kernel code execution. This vulnerability, designated CVE-2025-0072, affects devices equipped with newer Arm Mali GPUs, including Google’s Pixel 7, 8, and 9 series smartphones. The exploit involves manipulating the CSF queue binding and unbinding processes within the driver, creating a use-after-free condition that enables the manipulation of GPU memory management structures. This vulnerability underscores the potential to compromise device security and demonstrates that modern hardware security extensions can be bypassed through sophisticated driver-level attacks.

Description: A critical zero-day vulnerability in Google Chrome’s V8 JavaScript engine, identified as CVE-2025-5419, has been actively exploited by cybercriminals. This flaw allows remote attackers to execute arbitrary code on victims’ systems through specially crafted HTML pages. The vulnerability, acknowledged by CISA, affects Google Chrome versions prior to 137.0.7151.68 and poses significant risks to millions of users worldwide. The flaw was discovered and reported by security researchers from Google’s Threat Analysis Group on May 27, 2025. Google responded swiftly, implementing an initial mitigation and releasing emergency security updates on June 3, 2025.

Description: A critical supply chain vulnerability dubbed 'GerriScary' (CVE-2025-1568) was discovered in Google's Gerrit code collaboration platform. This vulnerability allowed attackers to inject malicious code into at least 18 major Google projects, including ChromiumOS, Chromium, Dart, and Bazel. The flaw exploited misconfigurations in Gerrit, enabling unauthorized users to compromise trusted software repositories through a sophisticated attack chain. The vulnerability impacted critical projects across multiple domains, highlighting the potential for significant damage to Google's operations and reputation.

Description: A critical zero-day vulnerability, CVE-2025-6554, in Google Chrome's V8 JavaScript engine is being exploited by attackers. This flaw allows remote attackers to perform arbitrary read and write operations via malicious HTML pages, potentially leading to complete system compromise. The vulnerability affects not only Google Chrome but also other Chromium-based browsers like Microsoft Edge and Opera. The broad attack surface poses significant risks, and immediate mitigation is required to prevent widespread exploitation.

Description: Security researchers have uncovered a significant vulnerability in Google Gemini for Workspace that enables threat actors to embed hidden malicious instructions within emails. The attack exploits the AI assistant’s 'Summarize this email' feature to display fabricated security warnings that appear to originate from Google itself, potentially leading to credential theft and social engineering attacks. The vulnerability affects Gmail, Docs, Slides, and Drive, potentially enabling AI worms across Google Workspace.

Description: Google has issued an urgent warning about a critical vulnerability in Google Chromium, designated as CVE-2025-6558. The vulnerability, caused by improper input validation in Chromium’s ANGLE and GPU components, allows attackers to execute sandbox escape attacks through malicious HTML. This vulnerability affects all Chromium-based browsers, including Google Chrome, Microsoft Edge, and Opera, potentially putting millions of users at risk. The flaw enables remote code execution and bypasses browser security controls, making it a significant threat to users' data and system integrity.