Palo Alto's Unit 42 disclosed a flaw, nicknamed Pickle in the Middle, in Google Cloud's Vertex AI SDK for Python that let an attacker with no access to a victim's project hijack their machine-learning model uploads and run code across tenant boundaries. When a model was uploaded without a custom staging bucket, the SDK generated a predictable storage bucket name from the project ID and region and failed to verify ownership, so an attacker could pre-create that bucket, receive the victim's model, and swap in a malicious one that executes on deployment. Google fully fixed it in SDK version 1.148.0 in April; Unit 42 saw no exploitation in the wild.
Google has filed suit against a Chinese cybercrime network it says abused its Gemini AI to mass-produce phishing text messages and fake websites targeting Americans. The group runs a phishing-as-a-service kit called Outsider and used Gemini to generate fraudulent pages and large smishing campaigns. The texts impersonate trusted brands, warning of "brokerage account issues" or dangling carrier "rewards," and link to lookalike sites that harvest personal and financial details. Google says the lawsuit aims to dismantle the network's infrastructure. The case underscores how criminals are folding mainstream AI tools into industrialized phishing operations.
Google has shipped an emergency Chrome fix for a zero-day in V8, the browser's JavaScript and WebAssembly engine, that attackers are already exploiting in the wild. The flaw (CVE-2026-11645, rated 8.8) is an out-of-bounds memory read and write that lets a malicious web page run code inside Chrome's sandbox, and can help defeat protections like ASLR to set up a fuller compromise. Google confirmed an exploit exists but withheld details until most users update. It is the fifth actively exploited Chrome zero-day of 2026. The fix is in Chrome 149.0.7827.102/103 for desktop; Chromium-based browsers like Edge and Brave need the same update.
Google shipped Chrome 149 with fixes for 429 security bugs, the most ever in a single Chrome release. More than 100 are rated critical or high. The worst, an out-of-bounds read and write in the ANGLE graphics engine that Chrome uses to render web pages, lets a booby-trapped website break out of the browser's protective sandbox and run code on the victim's computer; Google paid a $97,000 bounty for it. None are confirmed under attack yet, but a sandbox escape is the kind of bug attackers race to weaponize, so patching before that happens matters.
Google has released the June 2026 Android security patches addressing 124 vulnerabilities, including CVE-2025-48595, a high-severity Android Framework flaw under limited, targeted exploitation. Local attackers can abuse it to gain code execution and escalate privileges on Android 14 or later. Google fixed 18 critical vulnerabilities this cycle across System, Framework, and Qualcomm closed-source components; the most severe is a critical Framework flaw enabling remote privilege escalation with no user interaction. Two patch levels shipped (2026-06-01 and 2026-06-05). CISA added CVE-2025-48595 to its KEV catalog the same day. Pixel devices get updates immediately; other vendors typically lag. Similar Android Framework flaws have historically been abused by commercial spyware.
Foxconn confirmed Tuesday that a cyberattack hit several North American factories, with its Wisconsin Mount Pleasant facility halting production for a week starting May 1. Workers were told to power off computers and revert to paper timesheets. Nitrogen ransomware group claimed responsibility, posting 8 TB of stolen data covering 11 million files - allegedly including project documentation tied to Apple, Intel, Google, Dell, AMD, and Nvidia. Foxconn says production is resuming. This is the fourth ransomware attack on a Foxconn entity since 2020.
Guardio documented a Vietnamese-linked fraud operation that has stolen roughly 30,000 Facebook business accounts by abusing Google's AppSheet no-code platform as a phishing relay. Because the phishing emails come from noreply@appsheet.com (a real Google address), they pass SPF, DKIM, and DMARC checks that normally catch fake-Meta emails. The lures impersonate Meta Support and threaten account deletion within 24 hours unless the user 'submits an appeal.' Stolen credentials, 2FA codes, and government ID photos are exfiltrated to Telegram. The operators then sell the stolen accounts back to victims through their own recovery service.
Google overhauled its Vulnerability Reward Program for Android and Chrome on May 1 in response to AI tools reshaping bug hunting. The maximum Pixel Titan M reward jumped to $1.5 million for a zero-click exploit with persistence. Chrome payouts dropped across categories. Google is rewarding 'actionable reports' with concrete exploits and suggested fixes rather than raw bug volume - a response to AI tools like Anthropic's Mythos and OpenAI's GPT-5.4-Cyber generating more vulnerability reports than security teams can triage. Google paid a record $17.1 million in 2025 (up 40% from 2024) and expects 2026 aggregate rewards to increase further despite per-bug cuts.
Google patched a critical flaw in Gemini CLI, the command-line tool developers use to interact with Gemini models from CI pipelines and dev workstations. CVSS 10.0. The bug let an attacker execute arbitrary code on the developer's machine by feeding crafted input to the CLI - specifically through the same pattern that compromised LiteLLM and several other AI tools recently. A separate but related set of flaws in Cursor, the AI-powered IDE, also enables code execution. The pattern across all these AI dev tools is the same: input validation gaps where attacker-controlled prompts or model output reach a shell or code execution path.
Google pushed an emergency Chrome update to fix a use-after-free bug in Dawn, the engine behind Chrome's WebGPU graphics standard. CVE-2026-5281 is already being exploited - an attacker who has compromised the browser's renderer process can use a crafted HTML page to execute arbitrary code, potentially escaping Chrome's sandbox. This is the fourth actively exploited Chrome zero-day in 2026, and the third targeting graphics or rendering subsystems. CISA added it to the KEV catalog with an April 15 deadline.