Hack-for-hire firms are targeting a range of accounts from Google and major webmail providers in credential theft campaigns.
At least half of the zero days exploited in the wild in 2022 are variants of previously fixed bugs, Google data shows.
Google is creating a new Open Source Maintenance Crew to aid critical open source projects up their security game.
Google has patched a zero day in the V8 engine in Chrome that is under active attack.
A new initial access broker known as Exotic Lily has used exploits for zero days and sells network access to cybercrime teams such as FIN12 for ransomware deployment.