Google reported that hackers compromised its Salesforce database, resulting in the theft of sensitive customer data. The breach highlights ongoing vulnerabilities in data security systems and raises concerns among Google’s clients regarding the safety of their information.

Researchers from Tel Aviv University have demonstrated a new type of cyber attack they call "promptware" by using calendar events to manipulate Google's AI, Gemini, into controlling smart home devices. By embedding malicious instructions in calendar appointments, they successfully executed indirect prompt injection attacks, allowing unauthorized control over devices like lights and thermostats. This incident marks a significant shift in how AI vulnerabilities can impact the physical world.

A sophisticated phishing campaign is leveraging weaknesses in Google Sites to spoof Google no-reply email addresses, allowing attackers to bypass email authentication checks. By redirecting users to deceptive Google Sites pages, the campaign exploits the platform's trusted domain and SSL certificates to appear legitimate.

Google's Cybersecurity Disruption Unit is focusing on active defense strategies, including the controversial practice of "hack back" to retaliate against cyber threats. The initiative aims to empower businesses to protect themselves more effectively against cyberattacks while navigating legal and ethical concerns surrounding such actions.

A recent phishing scam has been exploiting Google's email system by using "no-reply" addresses to trick users into revealing sensitive information. The scam takes advantage of legitimate-looking emails to bypass security measures, highlighting the need for better user awareness and email authentication practices. Google has taken steps to improve its security protocols to combat such fraudulent activities.

Google Project Zero has publicly disclosed vulnerabilities in software a week after reporting them to the respective vendors. This decision highlights the ongoing debate about the balance between transparency and responsible disclosure in the cybersecurity community. The vulnerabilities identified pose potential risks to users, emphasizing the importance of timely updates from software developers.

Google confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) but assured that no data was accessed. The group "Scattered Lapsus$ Hunters" claimed access to both LERS and the FBI's eCheck system, raising concerns over potential impersonation and unauthorized data access. Cybersecurity experts believe the group may continue their activities despite claims of going dark.

Google has confirmed that a data breach involving Salesforce's CRM system has occurred, putting customer data at risk. The breach has led to extortion threats against Salesforce, raising concerns about the security of cloud-based services.

Google will stop trusting root CA certificates from Chunghwa Telecom and Netlock in Chrome starting August 1, 2025, due to ongoing compliance failures and lack of improvement. Users visiting sites with these certificates will receive privacy warnings, prompting web administrators to switch to trusted CAs before the change takes effect. This decision follows a trend of tightening security requirements for certificate authorities by Google.

Misconfigured permissions in Google's Gerrit platform may have allowed attackers to inject malicious code into ChromiumOS and other projects. A specific permission issue and a race condition in the merge process potentially left at least 18 projects open to supply chain attacks, enabling malicious code to be merged without user interaction.