Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Google Cloud Application Integration phishing campaign

Campaign
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

An active phishing campaign abused Google Cloud Application Integration to send messages from a legitimate Google address and push recipients toward a fake Microsoft login page for credential theft. Over 14 days in December 2025, attackers sent 9,394 emails to about 3,200 customers across the U.S., Asia-Pacific, Europe, Canada, and Latin America. The operation used storage.cloud.google[.]com and googleusercontent[.]com to evade filters, and Google has blocked the abuse and is taking further steps.

Related Happenings

Gmail adds enterprise E2EE on Android and iOS

Security Tool/Service
First: 13.04.2026 11:31 Last: 13.04.2026 11:31 Sources 1

About this happening: **Google Gmail** now offers **end-to-end encryption (E2EE)** for **enterprise users** on **Android and iOS**, adding a concrete privacy control for mobile email. The rollout matte...

Open Happening

Google Gmail adds native end-to-end encryption on Android and iOS for enterprise users

Security Tool/Service
First: 10.04.2026 13:44 Last: 10.04.2026 13:44 Sources 1

About this happening: Google has rolled out **native Gmail end-to-end encryption** on **Android** and **iOS**, letting enterprise users read and compose encrypted mail in the app without extra tools. T...

Open Happening

QuickLens - Search Screen with Google Lens hit by network compromise

Incident
First: 28.02.2026 21:18 Last: 28.02.2026 21:18 Sources 1

About this happening: The **QuickLens - Search Screen with Google Lens** Chrome extension was **compromised** and used to **push malware** to about **7,000 users**, creating risk of **credential theft*...

Open Happening

Google confidential AI materials theft and upload

Data Leak
First: 31.01.2026 19:33 Last: 31.01.2026 19:33 Sources 1

About this happening: Google's **confidential AI materials** were stolen and uploaded to a **personal Google Cloud account**, exposing over **2,000 pages** of sensitive design information. The leak cov...

Open Happening

Malicious Chrome extensions hijack Workday, NetSuite, and SuccessFactors sessions

Malware Activity
First: 16.01.2026 16:09 Last: 16.01.2026 16:09 Sources 1

About this happening: **Five malicious Google Chrome extensions** are impersonating **Workday, NetSuite, and SuccessFactors** to steal credentials and hijack victim sessions, creating immediate **accou...

Open Happening

Timeline

  1. 02.01.2026 11:14 2 articles · 4mo ago

    Google Cloud Application Integration phishing campaign disclosed

    Initial Disclosure

    Cybersecurity researchers disclosed a phishing campaign that abused Google Cloud's Application Integration Send Email task to send messages from noreply-application-integration@google[.]com, impersonating routine Google-generated notices and routing victims through storage.cloud.google[.]com and googleusercontent[.]com to a fake Microsoft login page for credential theft. The activity targeted approximately 3,200 customers with 9,394 phishing emails over a 14-day period observed in December 2025, with affected organizations in the U.S., Asia-Pacific, Europe, Canada, and Latin America, and Google subsequently blocked the phishing efforts and said it was taking more steps to prevent further misuse.

    Show sources
    Open in new tab