Google Cloud Application Integration phishing campaign
Campaign
Summary
Hide ▲
Show ▼
An active phishing campaign abused Google Cloud Application Integration to send messages from a legitimate Google address and push recipients toward a fake Microsoft login page for credential theft. Over 14 days in December 2025, attackers sent 9,394 emails to about 3,200 customers across the U.S., Asia-Pacific, Europe, Canada, and Latin America. The operation used storage.cloud.google[.]com and googleusercontent[.]com to evade filters, and Google has blocked the abuse and is taking further steps.
Related Happenings
Chrome extension PUP distribution network with fake organic traffic
Malware Activity
H score18
First: 15.06.2026 14:07
Last: 15.06.2026 14:07
Sources 1
About this happening:
A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
Chrome extension PUP distribution network with fake organic traffic
Malware ActivityAbout this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
Gmail adds enterprise E2EE on Android and iOS
Security Tool/Service
H score15
First: 13.04.2026 11:31
Last: 13.04.2026 11:31
Sources 1
About this happening:
**Google Gmail** now offers **end-to-end encryption (E2EE)** for **enterprise users** on **Android and iOS**, adding a concrete privacy control for mobile email. The rollout matte...
Gmail adds enterprise E2EE on Android and iOS
Security Tool/ServiceAbout this happening: **Google Gmail** now offers **end-to-end encryption (E2EE)** for **enterprise users** on **Android and iOS**, adding a concrete privacy control for mobile email. The rollout matte...
Google Gmail adds native end-to-end encryption on Android and iOS for enterprise users
Security Tool/Service
H score11
First: 10.04.2026 13:44
Last: 10.04.2026 13:44
Sources 1
About this happening:
Google has rolled out **native Gmail end-to-end encryption** on **Android** and **iOS**, letting enterprise users read and compose encrypted mail in the app without extra tools. T...
Google Gmail adds native end-to-end encryption on Android and iOS for enterprise users
Security Tool/ServiceAbout this happening: Google has rolled out **native Gmail end-to-end encryption** on **Android** and **iOS**, letting enterprise users read and compose encrypted mail in the app without extra tools. T...
QuickLens - Search Screen with Google Lens hit by network compromise
Incident
H score57
First: 28.02.2026 21:18
Last: 28.02.2026 21:18
Sources 1
About this happening:
The **QuickLens - Search Screen with Google Lens** Chrome extension was **compromised** and used to **push malware** to about **7,000 users**, creating risk of **credential theft*...
QuickLens - Search Screen with Google Lens hit by network compromise
IncidentAbout this happening: The **QuickLens - Search Screen with Google Lens** Chrome extension was **compromised** and used to **push malware** to about **7,000 users**, creating risk of **credential theft*...
Google confidential AI materials theft and upload
Data Leak
H score31
First: 31.01.2026 19:33
Last: 31.01.2026 19:33
Sources 1
About this happening:
Google's **confidential AI materials** were stolen and uploaded to a **personal Google Cloud account**, exposing over **2,000 pages** of sensitive design information. The leak cov...
Google confidential AI materials theft and upload
Data LeakAbout this happening: Google's **confidential AI materials** were stolen and uploaded to a **personal Google Cloud account**, exposing over **2,000 pages** of sensitive design information. The leak cov...
Timeline
-
02.01.2026 11:14 2 articles · 6mo ago
Google Cloud Application Integration phishing campaign disclosed
Initial DisclosureCybersecurity researchers disclosed a phishing campaign that abused Google Cloud's Application Integration Send Email task to send messages from noreply-application-integration@google[.]com, impersonating routine Google-generated notices and routing victims through storage.cloud.google[.]com and googleusercontent[.]com to a fake Microsoft login page for credential theft. The activity targeted approximately 3,200 customers with 9,394 phishing emails over a 14-day period observed in December 2025, with affected organizations in the U.S., Asia-Pacific, Europe, Canada, and Latin America, and Google subsequently blocked the phishing efforts and said it was taking more steps to prevent further misuse.
Show sources
- Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign — thehackernews.com — 02.01.2026 11:14
- Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign — thehackernews.com — 02.01.2026 11:14