Google's Vertex AI Is Over-Privileged. That's a Problem
Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.
Forget stolen credentials and misconfigurations. Thanks to AI, the new top cause of compromises in the cloud is vulnerability exploits that beat patching cycles.
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices.
The proof-of-concept exploit allows an attacker to steal sensitive data from Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo.
If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.
Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, according to Google.
Private spyware vendors were behind nearly half of all zero-day exploits in Google products since 2014.
So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.
Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.
An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.