Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasuda, Core Developer Attackers regularly exploit spatial memory safety vulnerabilities, which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data.… Read More "Retrofitting spatial safety to hundreds of millions of lines of C++"
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU 15 May 2025 ESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities,… Read More "Sednit abuses XSS flaws to hit gov’t entities, defense companies"
Recently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure. The reports themselves aren’t unusual—we’ve reported and helped maintainers fix over 11,000 vulnerabilities in… Read More "Finding more vulnerabilities with AI"
Artificial intelligence is on everybody’s lips these days, sparking excitement, fear and endless debates. Is it a force for good or bad – or a force we actually have yet to fully understand? We sat down with prominent computer scientist… Read More "The good, the bad and the unknown of AI: Q&A with Mária Bieliková"
Today, we are announcing the availability of Vanir, a new open-source security patch validation tool. Introduced at Android Bootcamp in April, Vanir gives Android platform developers the power to quickly and efficiently scan their custom platform code for missing security… Read More "Google Online Security Blog: Announcing the launch of Vanir: Open-source Security Patch Validation"
Corporate data breaches are a gateway to identity fraud, but they’re not the only one. Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t. 08 Apr 2025 • , 5… Read More "1 billion reasons to protect your identity online"
DevOps teams dedicated to securing their supply chain and predicting potential risks consistently face novel threats. Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage. A significant benefit of… Read More "Google Cloud expands vulnerability detection for Artifact Registry using OSV"
When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe. 09 Apr 2025 • , 4 min. read News that someone close, be… Read More "So your friend has been hacked: Are you next?"
In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. Together with the open source community, we’ve continued to build this tool, adding remediation features, as well as expanding… Read More "A library for Software Composition Analysis"
Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results 10 Apr 2025 • , 4 min. read When was the last time you searched for something using Google… Read More "Watch out for these traps lurking in search results"
