Fake Google and Cloudflare verification pages spread multiple malware families

ClickFix attacks, which trick people into running malicious commands themselves, continue to evolve. This latest campaign uses fake Google and Cloudflare verification pages to convince victims to infect their own devices. A single mistake can install malware that steals passwords and Read More …

Update Chrome to patch critical browser security flaws

Google released a security update for Chrome that fixes 18 vulnerabilities, including four rated Critical. There is no indication that any of these newly patched bugs are being actively exploited in the wild. The stable channel has been updated to 149.0.7827.196/197 for Read More …

Thousands of Facebook accounts stolen by phishing emails sent through Google

Researchers have uncovered a long-running phishing operation that abuses trusted Google services to hijack tens of thousands of Facebook accounts. The compromised Facebook accounts are mainly business and advertiser profiles, which criminals can monetize after gaining access and control. The Read More …

Iranian “Charming Kitten” hackers used old Cold War methods to steal tech secrets and plant malware

Iran-linked cyber operations are drawing renewed attention for relying less on advanced code and more on human manipulation to gain access to sensitive systems. At the centre of this activity is Charming Kitten, a group associated with Iran’s security apparatus Read More …

Google Authenticator: The Hidden Mechanisms of Passwordless Authentication

Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. They target Read More …

Google patches two Chrome zero-days under active attack

Update March 16, 2026 Earlier this week, Google incorrectly reported that an actively exploited vulnerability in Chrome had been fixed, and has now announced it will roll out a new update to protect users against the vulnerability tracked as CVE-2026-3909. Read More …

Google patches 129 Android security flaws — including a potentially dangerous Qualcomm zero-day

Google has released a new security update which fixed 129 vulnerabilities in the Android ecosystem, including 10 critical-severity bugs, and one high-severity issue apparently being exploited in the wild. In a security advisory, Google said that it fixed a buffer Read More …

Android apps have leaked over 730TB of user data and Google secrets

A major security investigation has analyzed 1.8 million Android apps available on the Google Play Store, focusing on those that explicitly claim AI features, and identified worrying security flaws which may be exposing secrets. From the initial research pool, Cybernews researchers Read More …

WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping

WhisperPair is a set of attacks that lets an attacker hijack many popular Bluetooth audio accessories that use Google Fast Pair and, in some cases, even track their location via Google’s Find Hub network—all without requiring any user interaction. Researchers Read More …

Google and Apple roll out emergency security updates after zero-day attacks

Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of Read More …