Google disrupts proxy network used by 550+ threat groups
Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single …
Google agrees to pay $135 million over Android data harvesting claims
Google agrees to pay $135 million to settle a proposed class action lawsuit brought by Android smartphone users over alleged unauthorized cellular data transmissions. After …
Android just got smarter at stopping snatch-and-run phone thefts
Google announced updates to the Android theft protection features that expand existing safeguards and make stolen devices harder to use. These updates are available on Android …
Google ties AI Search to Gmail and Photos, raising new privacy questions
Google is expanding Personal Intelligence into AI Mode in Google Search to deliver more personalized search results. AI Mode can securely connect to your Gmail and Google …
Okta users under attack: Modern phishing kits are turbocharging vishing attacks
Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing …
Confusion and fear send people to Reddit for cybersecurity advice
A strange charge appears on a bank account. An email claims a package is on the way. A social media account stops accepting a password that worked yesterday. When these …
January 2026 Patch Tuesday forecast: And so it continues
Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, …
December 2025 Patch Tuesday forecast: And it’s a wrap
It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand …
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)
Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted …
New “HashJack” attack can hijack AI browsers and assistants
Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or …
Google adds Emerging Threats Center to speed detection and response
When a new vulnerability hits the news, security teams often scramble to find out if they are at risk. The process of answering that question can take days or weeks, involving …
November 2025 Patch Tuesday forecast: Windows Exchange Server EOL?
November 2025 Patch Tuesday is now live: Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215) October 2025 Patch Tuesday was one for …
Featured news
Resources
Don't miss
- Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks
- AI SOC vendors are selling a future that production deployments haven’t reached yet
- A nearly undetectable LLM attack needs only a handful of poisoned samples
- Your facilities run on fragile supply chains and nobody wants to admit it
- LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks