cyber·news

INFO

Gemini Voice Assistant Hijacked via Messaging Notifications

SecurityWeek breachesransomwaresupply-chain +18 1d ago

INFO

VoidStealer Malware Darts Past Google Chrome's Encryption

rss:darkreading 30d ago

INFO

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

The Hacker News 23d ago

INFO

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

rss:googleprojectzero 23d ago

INFO

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

SecurityWeek 15d ago

INFO

Google accidentally exposed details of unfixed Chromium flaw

BleepingComputer 15d ago

INFO

Google API Keys Remain Active After Deletion

rss:darkreading 15d ago

INFO

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

The Hacker News 9d ago

INFO

Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks

SecurityWeek 8d ago

INFO

US charges Google security engineer with Polymarket insider trading

BleepingComputer 7d ago

INFO

Google Chrome adds session cookie theft protection for all users

BleepingComputer 7d ago

INFO

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

The Hacker News 4d ago

INFO

Google fixes one actively exploited Android zero-day, 124 flaws

BleepingComputer 3d ago

INFO

Google adds Android protection against AI deepfake scam calls

BleepingComputer 2d ago

INFO

Malicious Notifications Could Trick Google Gemini Users

rss:darkreading 2d ago

INFO

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

The Hacker News 2d ago

INFO

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

The Hacker News 2d ago

INFO

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

The Hacker News 1d ago

INFO

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

The Hacker News 1d ago

INFO

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

The Hacker News supply-chainbreachesmalware 1d ago

HIGH

CVE-2026-50213 (CVSS 7.5) — The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, wh...

NVD CVE-2026-50213 1d ago

CRITICAL

CVE-2026-50211 (CVSS 9.8) — Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail buil...

NVD CVE-2026-50211 1d ago

HIGH

CVE-2026-50210 (CVSS 7.5) — The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making ...

NVD CVE-2026-50210 1d ago

HIGH

CVE-2026-50209 (CVSS 7.8) — Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (...

NVD CVE-2026-50209 1d ago

CRITICAL

CVE-2026-50208 (CVSS 9.4) — High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-cod...

NVD CVE-2026-50208 1d ago

HIGH

CVE-2026-50207 (CVSS 7.8) — The system Binder boundary accepts unverified pass-through AT commands, giving local applications th...

NVD CVE-2026-50207 1d ago

INFO

Cisco warns of critical Unified CM flaw with PoC exploit code

BleepingComputer breachesransomwaresupply-chain +4 1d ago

INFO

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

rss:darkreading 22d ago

INFO

Cisco Patches Critical Vulnerability in Secure Workload

SecurityWeek 15d ago

INFO

Max severity Cisco Secure Workload flaw gives Site Admin privileges

BleepingComputer 15d ago

INFO

Cisco Warns of Available PoC for Critical Unified CM Vulnerability

SecurityWeek 1d ago

HIGH

Microsoft shares mitigation for YellowKey Windows zero-day

BleepingComputer breachesransomwaresupply-chain +47 16d ago

INFO

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

The Hacker News 23d ago

INFO

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

The Hacker News 23d ago

HIGH

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

The Hacker News 22d ago

INFO

Zero-Day Exploit Against Windows BitLocker

rss:schneier 18d ago

INFO

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

The Hacker News 17d ago

INFO

The New Phishing Click: How OAuth Consent Bypasses MFA

The Hacker News 17d ago

INFO

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

SecurityWeek 17d ago

HIGH

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’

SecurityWeek 17d ago

INFO

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

rss:darkreading 17d ago

HIGH

Cybercrime service disrupted for abusing Microsoft platform to sign malware

BleepingComputer 17d ago

INFO

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

The Hacker News 16d ago

INFO

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

The Hacker News 16d ago

INFO

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

SecurityWeek 16d ago

INFO

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

The Hacker News 16d ago

INFO

Microsoft warns of new Defender zero-days exploited in attacks

BleepingComputer 15d ago

INFO

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

SecurityWeek 15d ago

INFO

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

rss:darkreading 14d ago

INFO

FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks

The Record 14d ago

INFO

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

BleepingComputer 11d ago

INFO

Microsoft: Domain Controller lookup may fail on Windows Server 2016

BleepingComputer 10d ago

INFO

Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations

SecurityWeek 10d ago

INFO

Microsoft Defender can now automatically isolate hacked endpoints

BleepingComputer 10d ago

INFO

Microsoft Issues Out-of-Band SharePoint Patch

rss:darkreading 10d ago

INFO

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

The Hacker News 9d ago

INFO

Windows 11 KB5089573 update released with performance improvements

BleepingComputer 9d ago

INFO

Microsoft fixes KB5089549 Windows security update install issues

BleepingComputer 4d ago

INFO

Microsoft confirms outage affecting MFA, My Sign-Ins platform

BleepingComputer 4d ago

INFO

Microsoft fixes outage affecting MFA setup, MySignIn service

BleepingComputer 4d ago

INFO

Microsoft says it will not pursue security researchers after zero-day backlash

The Record 4d ago

INFO

Microsoft investigates Office Apps, Teams file access issues

BleepingComputer 4d ago

INFO

Microsoft's Zero-Day Legal Threats Spark Backlash

rss:darkreading 4d ago

INFO

Microsoft Threatening Security Researcher

rss:schneier 3d ago

INFO

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

SecurityWeek 3d ago

INFO

Microsoft Exchange Online outage causes email delays, failures

BleepingComputer 3d ago

INFO

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

rss:darkreading 3d ago

INFO

Microsoft's Coreutils project brings Linux commands to Windows

BleepingComputer 3d ago

INFO

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

The Hacker News 2d ago

INFO

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

SecurityWeek 2d ago

INFO

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

The Hacker News 2d ago

INFO

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

The Hacker News 2d ago

INFO

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

rss:darkreading 2d ago

INFO

VS Code Vulnerability Allows One-Click GitHub Token Theft

SecurityWeek 1d ago

INFO

Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process

The Record 1d ago

INFO

Microsoft blames unexpected Windows driver updates on caching issue

BleepingComputer 1d ago

INFO

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

The Hacker News 19h ago

INFO

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

The Hacker News 12h ago

INFO

Chinese APT deploys new malware to keep access to hacked networks

BleepingComputer 6h ago

CRITICAL

CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability (Mirasvit Mirasvit Full Page Cache Warmer)

CISA KEV CVE-2026-45247actively-exploited +2 3d ago

CRITICAL

CVE-2026-45247 (CVSS 9.8) — Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection...

NVD 10d ago

INFO

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The Hacker News 1d ago

HIGH

CVE-2026-50205 (CVSS 8.2) — System log files output unencrypted SMTP server authentication passwords alongside sensitive employe...

NVD CVE-2026-50205 1d ago

HIGH

CVE-2026-49203 (CVSS 8.3) — Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, ...

NVD CVE-2026-49203 1d ago

HIGH

CVE-2026-49202 (CVSS 8.6) — Internal multimedia session archives are accessible without authentication, exacerbated by loose Cro...

NVD CVE-2026-49202 1d ago

HIGH

CVE-2026-49194 (CVSS 8.8) — The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prom...

NVD CVE-2026-49194 1d ago

HIGH

CVE-2026-49193 (CVSS 7.5) — Overly permissive configuration settings on cloud storage containers expose active telemetry informa...

NVD CVE-2026-49193 1d ago

CRITICAL

CVE-2026-49191 (CVSS 9.8) — The production build of the M3WebServer hard-codes its backend API keys, which can be easily interce...

NVD CVE-2026-49191 1d ago

HIGH

CVE-2026-49190 (CVSS 8.8) — The system fails to evaluate instructional permissions over multiple internal operation codes (opcod...

NVD CVE-2026-49190 1d ago

HIGH

CVE-2026-49189 (CVSS 7.8) — Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software c...

NVD CVE-2026-49189 1d ago

CRITICAL

CVE-2026-49188 (CVSS 9.8) — The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), ...

NVD CVE-2026-49188 1d ago

HIGH

CVE-2026-49187 (CVSS 7.5) — The hard-coded APK resource files never expire, and the shared scepter leads to information leaks an...

NVD CVE-2026-49187 1d ago

INFO

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The Hacker News supply-chainbreachesmalware 1d ago

CRITICAL

CVE-2026-49186 (CVSS 9.8) — The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any clie...

NVD CVE-2026-49186 1d ago

CRITICAL

CVE-2026-49185 (CVSS 9.8) — The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing...

NVD CVE-2026-49185 1d ago

MEDIUM

CVE-2026-48681 (CVSS 5.9) — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployme...

NVD CVE-2026-48681 1d ago

INFO

Pakistan Spies on Afghan Finance Ministry With Xeno RAT

rss:darkreading breachesmalwarethreat-actors 1d ago

HIGH

CVE-2026-10737 (CVSS 7.5) — The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a...

NVD CVE-2026-10737 1d ago

HIGH

CVE-2026-10777 (CVSS 7.3) — A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b8...

NVD CVE-2026-10777 2d ago

MEDIUM

CVE-2026-46447 (CVSS 5.8) — OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can se...

NVD CVE-2026-46447 2d ago

HIGH

CVE-2026-10771 (CVSS 7.3) — A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntit...

NVD CVE-2026-10771 2d ago

INFO

Attackers Use AI to Automate EDR Evasion Testing

rss:darkreading breachesmalwarethreat-actors 2d ago

INFO

Tropical Blend: Cyber & Politics Ramp Up Across Latin America

rss:darkreading breachesmalwarethreat-actors 2d ago

HIGH

CVE-2026-8889 (CVSS 7.5) — Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matchin...

NVD CVE-2026-8889 2d ago

HIGH

CVE-2026-8888 (CVSS 7.5) — Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-pr...

NVD CVE-2026-8888 2d ago

INFO

Cyber Insurance Rates Are Dropping, but Exclusions Widen

rss:darkreading breachesmalwarethreat-actors 2d ago

HIGH

CVE-2026-20230 (CVSS 8.6) — A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communication...

NVD CVE-2026-20230 +1 2d ago

INFO

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

The Hacker News 1d ago

INFO

Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform

SecurityWeek breachesransomwaresupply-chain 2d ago

CRITICAL

CVE-2026-5241 (CVSS 9.6) — A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows...

NVD CVE-2026-5241 2d ago

HIGH

CVE-2022-49042 (CVSS 7.8) — An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in ...

NVD CVE-2022-49042 2d ago

HIGH

CVE-2022-49036 (CVSS 7.8) — An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration i...

NVD CVE-2022-49036 2d ago

INFO

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

The Hacker News CVE-2026-23479supply-chainbreaches 2d ago

HIGH

CVE-2026-35085 (CVSS 8.8) — A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to ga...

NVD CVE-2026-35085 2d ago

HIGH

CVE-2026-35084 (CVSS 8.8) — A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain...

NVD CVE-2026-35084 2d ago

HIGH

CVE-2026-35083 (CVSS 8.8) — A remote attacker with user privileges can exploit a stack buffer overflow to gain full system acces...

NVD CVE-2026-35083 2d ago

HIGH

CVE-2026-35082 (CVSS 8.8) — The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files...

NVD CVE-2026-35082 2d ago

HIGH

CVE-2026-35081 (CVSS 8.1) — The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processe...

NVD CVE-2026-35081 2d ago

Prev Page 3 / 38 Next

INFO SecurityWeek Thu, 04 Jun 2026 12:57:37 UTC

Gemini Voice Assistant Hijacked via Messaging Notifications

https://www.securityweek.com/gemini-voice-assistant-hijacked-via-messaging-notifications/

TL;DR

Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek .

breachesransomwaresupply-chain

Read full story ↗