Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google Dialogflow CX Code Blocks shared-runtime isolation security flaw

Vulnerability
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

Google Dialogflow CX Code Blocks had a shared-runtime isolation flaw that could let one editable agent affect other Code Block-enabled agents in the same Google Cloud project. An attacker with the dialogflow.playbooks.update permission could read live conversations and inject attacker-written bot messages, including phishing prompts to re-enter passwords. Google says it fixed the issue and there is no sign it was used in a real attack.

Related Happenings

AirDrop and Quick Share nearby crash and session-bypass flaws security flaw

Vulnerability
H score1 First: 30.06.2026 12:27 Last: 30.06.2026 12:27 Sources 1

About this happening: Nearby attackers can crash **AirDrop** and bypass **Quick Share** session checks, exposing **Apple**, **Samsung**, and **Google Windows** file-sharing stacks to local disruption a...

CI/CD pull-request privilege-escalation flaw (Cordyceps)

Vulnerability
H score32 First: 24.06.2026 15:48 Last: 24.06.2026 15:48 Sources 1

About this happening: **Cordyceps** exposed a **CI/CD workflow privilege-escalation flaw** in **pull-request automation** that let **unauthenticated users** hijack privileged workflows and reach open-s...

Chrome V8 JavaScript engine out-of-bounds read/write zero-day exploited in the wild (CVE-2026-11645)

Vulnerability
H score45 First: 09.06.2026 09:56 Last: 09.06.2026 09:56 Sources 1

About this happening: **Google** has patched **CVE-2026-11645**, a **Chrome V8 JavaScript engine** zero-day that was **exploited in the wild** and could let remote attackers run code inside the browser...

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
H score16 First: 03.06.2026 22:11 Last: 03.06.2026 22:11 Sources 1

About this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...

Android Framework code execution and privilege escalation flaw (CVE-2025-48595)

Vulnerability
H score40 First: 02.06.2026 14:10 Last: 02.06.2026 14:10 Sources 1

About this happening: Google's **June 2026 Android security patches** now cover **CVE-2025-48595**, an **actively exploited Android Framework** flaw that can lead to **code execution** and **privilege...

Timeline

  1. 07.07.2026 19:37 2 articles · 2d ago

    Google Dialogflow CX Code Blocks shared-runtime isolation security flaw

    Initial Disclosure

    A single **Code Block** foothold in **Google Dialogflow CX** could spread across every shared runtime in the project. The flaw turned an ordinary edit right into access to conversation history, bot responses, and shared Python execution.

    Show sources