Latest Briefings
Android Expands AI Scam Detection to Samsung Devices and 20+ Countries
Google is rolling out Gemini-powered call and message scam detection to Samsung Galaxy S26 hardware and expanding messaging protections to more than…
Chrome Bets on Merkle Tree Certificates for Post-Quantum HTTPS
Google is developing a new certificate ecosystem built on Merkle Tree Certificates to deliver quantum-resistant HTTPS without the bandwidth penalties of traditional…
Project Zero Examines the Limits of Mutational Grammar Fuzzing
A Google Project Zero researcher outlines two fundamental weaknesses in coverage-guided grammar fuzzing and describes a practical technique for working around them.
Google VRP Pays Out Record $17M in 2025, Marking 15-Year Anniversary
Google's Vulnerability Reward Program hit an all-time high in 2025, awarding over $17 million to more than 700 researchers worldwide, a 40-plus…
How Google Continuously Hardens Workspace Against Indirect Prompt Injection
Google's GenAI Security Team details the layered, iterative pipeline it uses to discover, catalog, and defend against indirect prompt injection attacks targeting…
Chrome Launches Device Bound Session Credentials to Block Cookie Theft
Google's DBSC feature ties authentication sessions to hardware security modules, making exfiltrated cookies useless to attackers. It is now publicly available on…
Google Integrates Rust DNS Parser into Pixel 10 Modem Firmware
Google's Pixel team has embedded a memory-safe Rust-based DNS parser into the Pixel 10 cellular baseband, targeting a class of memory-safety vulnerabilities…
Google Maps Real-World Prompt Injection Abuse on the Public Web
Google's threat intelligence teams scanned billions of web pages for indirect prompt injection patterns and found a spectrum of abuse ranging from…
May 2026 Patch Tuesday: 118 Microsoft Fixes, No Zero-Days, AI Finds Bugs
Microsoft's May 2026 Patch Tuesday addresses 118 vulnerabilities with no actively exploited zero-days, while AI-assisted bug discovery is driving record patch volumes…
Project Zero Chains 0-Click to Root on Pixel 10 via VPU Driver Flaw
Google Project Zero built a working zero-click root exploit chain for the Pixel 10, pivoting from a patched Dolby audio bug to…
CISA Contractor Leaked AWS GovCloud Keys and Plaintext Passwords on GitHub
A public GitHub repository maintained by a Nightwing contractor exposed highly privileged AWS GovCloud credentials, plaintext passwords, and internal CISA system files…
Cisco Talos Uncovers BadIIS Malware-as-a-Service Ecosystem Tied to Chinese-Speaking Cybercrime
Cisco Talos researchers have identified a commodity BadIIS malware variant powering a mature malware-as-a-service operation used by Chinese-speaking threat actors to conduct…