YouTube is currently facing a global outage, with users reporting playback errors on both the website and mobile apps. [...]

Google has released a partial patch for the Pixnapping attack and is working on an additional fix.

The post Pixnapping Attack Steals Data From Google, Samsung Android Phones appeared first on SecurityWeek.

Google is updating the Chrome web browser to automatically revoke notification permissions for websites that haven't been visited recently, to reduce alert overload. [...]

The company has updated the program’s scope and has combined the rewards for abuse and security issues into a single table.

The post Google Offers Up to $20,000 in New AI Bug Bounty Program appeared first on SecurityWeek.

This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems. [...]

An anonymous reader shares a report: Changes are coming to the Play Store in spite of a concerted effort from Google to maintain the status quo. The company asked the US Supreme Court to freeze parts of the Play Store antitrust ruling while it pursued an appeal, but the high court has rejected that petition. That means the first elements of the antitrust remedies won by Epic Games will have to be implemented in mere weeks. The app store case is one of three ongoing antitrust actions against Google, but it's the furthest along of them. Google lost the case in 2023, and in 2024, US District Judge James Donato ordered a raft of sweeping changes aimed at breaking Google's illegal monopoly on Android app distribution. In July, Google lost its initial appeal, leaving it with little time before the mandated changes must begin. [...] The more dramatic changes are not due until July 2026, but this month will still bring major changes to Android apps. Google will have to allow developers to link to alternative methods of payment and download outside the Play Store, and it cannot force developers to use Google Play Billing within the Play Store. Google is also prohibited from setting prices for developers.

Read more of this story at Slashdot.

Google will discontinue Gmailify and POP email support in January 2026, forcing users who rely on these features to switch to IMAP. PCWorld reports: These changes only affect future emails. Emails that have already been synchronized in the Gmail account will remain the same. External accounts can still be used in the Gmail app, but only via IMAP. Google also recommends that users with work or education accounts contact their administrators if a Google Workspace migration is needed. For many Gmail users, these changes will likely mean getting used to the new system. Anyone who previously upgraded their external email accounts with Gmailify or integrated them via POP will have to switch to IMAP by January 2026 at the latest and do without some convenient functions, like spam filters and automatic sorting.

Read more of this story at Slashdot.

Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. [...]

An anonymous reader shares a report: Google said hackers are sending extortion emails to an unspecified number of executives, claiming to have stolen sensitive data from their Oracle business applications. In a statement, Google said a group claiming affiliation with the ransomware gang cl0p, opens new tab was sending emails to "executives at numerous organizations claiming to have stolen sensitive data from their Oracle E-Business Suite." Google cautioned that it "does not currently have sufficient evidence to definitively assess the veracity of these claims."

Read more of this story at Slashdot.

F-Droid is warning that the project could reach an end due to Google's new requirements for all Android developers to verify their identity. [...]

Google has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it detects a ransomware attack to minimize impact. [...]

An anonymous reader quotes a report from The Guardian: After deflecting the US Department of Justice's attack on its illegal monopoly in online search, Google is facing another attempt to dismantle its internet empire in a trial focused on abusive tactics in digital advertising. The trial that opened Monday in an Alexandria, Virginia, federal court revolves around the harmful conduct that resulted in US district Judge Leonie Brinkema declaring parts of Google's digital advertising technology to be an illegal monopoly in April. The judge found that Google has been engaging in behavior that stifles competition to the detriment of online publishers that depend on the system for revenue. Google and the justice department will spend the next two weeks in court presenting evidence in a "remedy" trial that will culminate in Brinkema issuing a ruling on how to restore fair market conditions. If the justice department gets its way, Brinkema will order Google to sell parts of its ad technology -- a proposal that the company's lawyers warned would "invite disruption and damage" to consumers and the internet's ecosystem. The justice department contends a breakup would be the most effective and quickest way to undercut a monopoly that has been stifling competition and innovation for years. [...] The case, filed in 2023 under Joe Biden's administration, threatens the complex network that Google has spent the past 17 years building to power its dominant digital advertising business. Digital advertising sales account for most of the $305 billion in revenue that Google's services division generates for its corporate parent Alphabet. The company's sprawling network of display ads provide the lifeblood that keeps thousands of websites alive. Google believes it has already made enough changes to its "ad manager" system, including providing more options and pricing options, to resolve the problems Brinkema flagged in her monopoly ruling.

Read more of this story at Slashdot.

Ambitious, suspected Chinese hackers with a slew of goals — stealing intellectual property, mining intelligence on national security and trade, developing avenues for future advanced cyberattacks — have been setting up shop inside U.S. target networks for exceptionally long stretches of time, in a breach that the researchers who uncovered it said could present problems for years to come.

Mandiant and Google Threat Intelligence Group (GTIG) researchers described the campaign as exceptionally sophisticated, stealthy and complex, calling those behind it a “next-level threat.” But they don’t yet have a full handle on who the hackers are behind the malware they’ve dubbed Brickstorm, or how far it stretches. A blog post the company posted Wednesday sheds light on the group.

The primary targets are legal services organizations and tech companies that provide security services, the researchers said. But the hackers aren’t limiting their interest to the primary targets, since they’ve used that access to infiltrate “downstream” customers. The researchers declined to describe those downstream customers, or say whether U.S. federal agencies are among those targeted. A great many of them don’t know yet that they’re victims, they said.

By stealing intellectual property from security-as-a-service (SaaS) firms, the hackers aim to find future zero-day vulnerabilities, a kind of vulnerability that is previously unknown and unpatched and thus highly prized, in order to enable more attacks down the line, the researchers from Mandiant and its parent company Google said.

The researchers declined to comment on possible Chinese government agency connections. But they see overlap with Chinese hacking groups like the one they’ve labeled UNC5221 — perhaps best known for exploiting Ivanti flaws, and a group that Mandiant and GTIIG described as the “most prevalent” Chinese-centered threat group right now — and the one Microsoft calls Silk Typhoon, which researchers warned recently has been ramping up its attacks this year, with targets including IT supply chains and the cloud. Silk Typhoon is believed to be Chinese government-sponsored. 

The company has also developed a tool for potential victims to discover if they’ve been affected by Brickstorm activity, which Google experts indicated is a distinct possibility that could impact scores of organizations over the coming weeks.

“We have no doubt that organizations will use our tools to hunt for this adversary, and they will find evidence of compromise in their environments,” Charles Carmakal, chief technology officer at Mandiant Consulting, told reporters briefed on the blog post. “And it may be active compromises, it might be historic compromises, but many of our organizations are going to discover that they were dealing with this adversary.” 

Sneaky, sneaky

The campaign’s average “dwell time” is 400 days, they said, compared to dwell times more commonly measured in days or weeks. 

Several features obscure Brickstorm activity. “It’s very hard to detect them and to investigate them,” said Austin Larsen, principal threat analyst at GTIG.

The hackers target systems that don’t support defenses for finding and tracking threats on endpoints, such as laptops or cell phones. Examples of target systems that don’t support that kind of endpoint detection and response (EDR) include email security gateways or vulnerability scanners. They consistently target VMware vCenter and ESXi hosts, according to the blog post.

The researchers also never see overlap between the internet protocols of the attackers between victims, Larsen said, or another way of identifying attackers: “The hashes when they land on this are different for essentially every system.”

Brickstorm attackers also “clean up after themselves” at times, Carmakal said. “Brickstorm may not exist in a victim environment today, but it could have been there for a year and a half. It might have been deleted back in April this year, back in January this year,” he said.

What they want

Brickstorm also isn’t just about one goal. “It’s an intelligence operation, but not just an intelligence operation,” said John Hultquist, chief analyst at GTIG. “This is a long-term play.”

The hackers are primarily compromising victims through zero-days, but they’re aiming to uncover new ones, too, by going through companies’ proprietary source code. That gives them multiple ways to penetrate new victim networks.

The Brickstorm hackers “hit the SaaS providers, who either hold data for people, or they have some connectivity to downstream,” Hultquist said. Or he said the group can “get a hold of the technology source code and leverage that source code information to gain access or to build out exploits in that technology, which would then give [them] basically a skeleton key to that technology.”

But its victims can be even more precise than that. “As part of this campaign, we observed in some organizations — including some legal organizations — we observed the actor searching the emails of very specific individuals,” Larsen said. The hackers have focused on collecting espionage on international trade and national security from those organizations.

Google has been tracking Brickstorm for a while now. This spring, Belgian cybersecurity company NVISO also shined the spotlight on Brickstorm variants spying on European businesses. Google’s latest blog post identifies Brickstorm activity as far more extensive than previously described.

The response

Mandiant and GTIG have notified U.S. federal agencies and international governments about the campaign.

The tool is a scanner script that can be used on Unix systems, even if YARA (a common security tool used to find and identify malware) isn’t installed. This script is designed to do the same type of search as a specific YARA rule by looking for certain words and patterns that are unique to the Brickstorm backdoor.

“The most important thing here is, if you find Brickstorm, you really need to do a very thorough enterprise investigation, because the adversary that’s dropping this is a very, very advanced adversary that is known for stealing intellectual property from organizations,” Carmakal said. “It’s known for using access from victim companies to get into downstream customer environments.”

It’s all a “very, very significant threat campaign [that’s] very, very hard to defend against in tech,” Carmakal said.

Updated 9/24/25: with additional information about past Brickstorm reporting.

The post Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign appeared first on CyberScoop.

L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations.

The post Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud appeared first on SecurityWeek.

Powerful companies typically combine traditional lobbying and strategies used by civil society organizations when regulatory pressures threaten their core business model.

The post Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway appeared first on SecurityWeek.

Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company [...]

Google is updating Gmail with a new Purchases tab that collects all delivery-related emails in one place, along with package-tracking cards at the top of the inbox for shipments arriving that day. Engadget reports: Each card comes with a "See item" or a "Track Package" button that you can click or tap without having to search for the original delivery email. The new delivery tab will start showing up in your personal Gmail accounts starting today. In addition, Google is updating Gmail's Promotions tab, allowing you to sort the emails in it by "most relevant." Gmail will decide which brands and emails are most relevant for you based on what you've interacted with the most in the past. It will also send you "nudges" on upcoming deals and offers that are set to expire soon. You'll see the changes to the Promotions tab in the coming weeks.

Read more of this story at Slashdot.

Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology. [...]

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

Microsoft assigns security flaws a “critical” rating when malware or miscreants can exploit them to gain remote access to a Windows system with little or no help from users. Among the more concerning critical bugs quashed this month is CVE-2025-54918. The problem here resides with Windows NTLM, or NT LAN Manager, a suite of code for managing authentication in a Windows network environment.

Redmond rates this flaw as “Exploitation More Likely,” and although it is listed as a privilege escalation vulnerability, Kev Breen at Immersive says this one is actually exploitable over the network or the Internet.

“From Microsoft’s limited description, it appears that if an attacker is able to send specially crafted packets over the network to the target device, they would have the ability to gain SYSTEM-level privileges on the target machine,” Breen said. “The patch notes for this vulnerability state that ‘Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network,’ suggesting an attacker may already need to have access to the NTLM hash or the user’s credentials.”

Breen said another patch — CVE-2025-55234, a 8.8 CVSS-scored flaw affecting the Windows SMB client for sharing files across a network — also is listed as privilege escalation bug but is likewise remotely exploitable. This vulnerability was publicly disclosed prior to this month.

“Microsoft says that an attacker with network access would be able to perform a replay attack against a target host, which could result in the attacker gaining additional privileges, which could lead to code execution,” Breen noted.

CVE-2025-54916 is an “important” vulnerability in Windows NTFS — the default filesystem for all modern versions of Windows — that can lead to remote code execution. Microsoft likewise thinks we are more than likely to see exploitation of this bug soon: The last time Microsoft patched an NTFS bug was in March 2025 and it was already being exploited in the wild as a zero-day.

“While the title of the CVE says ‘Remote Code Execution,’ this exploit is not remotely exploitable over the network, but instead needs an attacker to either have the ability to run code on the host or to convince a user to run a file that would trigger the exploit,” Breen said. “This is commonly seen in social engineering attacks, where they send the user a file to open as an attachment or a link to a file to download and run.”

Critical and remote code execution bugs tend to steal all the limelight, but Tenable Senior Staff Research Engineer Satnam Narang notes that nearly half of all vulnerabilities fixed by Microsoft this month are privilege escalation flaws that require an attacker to have gained access to a target system first before attempting to elevate privileges.

“For the third time this year, Microsoft patched more elevation of privilege vulnerabilities than remote code execution flaws,” Narang observed.

On Sept. 3, Google fixed two flaws that were detected as exploited in zero-day attacks, including CVE-2025-38352, an elevation of privilege in the Android kernel, and CVE-2025-48543, also an elevation of privilege problem in the Android Runtime component.

Also, Apple recently patched its seventh zero-day (CVE-2025-43300) of this year. It was part of an exploit chain used along with a vulnerability in the WhatsApp (CVE-2025-55177) instant messenger to hack Apple devices. Amnesty International reports that the two zero-days have been used in “an advanced spyware campaign” over the past 90 days. The issue is fixed in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

The SANS Internet Storm Center has a clickable breakdown of each individual fix from Microsoft, indexed by severity and CVSS score. Enterprise Windows admins involved in testing patches before rolling them out should keep an eye on askwoody.com, which often has the skinny on wonky updates.

AskWoody also reminds us that we’re now just two months out from Microsoft discontinuing free security updates for Windows 10 computers. For those interested in safely extending the lifespan and usefulness of these older machines, check out last month’s Patch Tuesday coverage for a few pointers.

As ever, please don’t neglect to back up your data (if not your entire system) at regular intervals, and feel free to sound off in the comments if you experience problems installing any of these fixes.

Google has stated in a court filing that "the open web is already in rapid decline," contradicting recent public statements from executives including its CEO Sundar Pichai and Search VP Nick Fox, who maintained in May that web publishing and the web were thriving. The admission appeared in Google's response to a divestiture proposal, arguing that breaking up the company would accelerate the decline and harm publishers dependent on open-web display advertising revenue. Google's VP of Global Ads Dan Taylor has since clarified the company was referring specifically to open-web display advertising, not the entire open web.

Read more of this story at Slashdot.