🚨 New from our team at Google Threat Intelligence Group: "Welcome to BlackFile: Inside a Vishing Extortion Operation"
#UNC6671 is one of the most prolific and underreported cybercrime actors of 2026, targeting dozens of orgs across the US, Canada, Australia, and the UK. 🧵
⚠️ Our team at Google is releasing more details on the recent NPM #axios supply chain attack. Notably, we now attribute this activity to #UNC1069, a financially motivated North Korean 🇰🇵 nexus threat actor active since at least 2018.
Our team at @Mandiant just published urgent research on an espionage campaign by China-nexus actors using the BRICKSTORM backdoor. They’ve been in victim networks undetected for over a year, targeting tech & legal sectors for IP theft and intel on US trade and national security.
🚨 Ivanti Vulnerability (CVE-2025-22457) Actively Exploited
Mandiant & Ivanti discovered active exploitation of a critical buffer overflow vulnerability in Ivanti Connect Secure VPN, leading to remote code execution.
Patch now to secure your systems: https://t.co/iV4rj8KtWJ
For the benefit of the whole industry we are sharing this report: Summary:
Only very few machines had access. Initial compromise happened through a supply chain attack via a privileged Docker image doing "yaml load" from disguised but malicious sources. From there privileges were extended despite layers of security. Eventually Bybit was targeted.
It will take the whole industry to step up to defend against those kinds of attacks.
🚨 Following a months-long investigation stemming back to mid-2024, @Mandiant just published details on a campaign by China-nexus actor UNC3886 targeting Juniper routers. Our investigation uncovered a custom malware ecosystem on end-of-life Juniper MX devices.
#Ivanti released security updates to address CVE-2025-0282—being actively exploited—and CVE-2025-0283, affecting Connect Secure, Policy Secure, and ZTA Gateways. See our Alert for mitigation guidance to help reduce your exposure: https://t.co/7aNpk5oh73
🚨 New: Zero-day vulnerability CVE-2025-0282 in Ivanti Connect Secure VPN is being actively exploited, including by suspected 🇨🇳 China-nexus cyber espionage groups. Our team at @Mandiant in partnership with Ivanti just published our initial findings. 🧵
https://t.co/LEgoZhYjua
🔥new blog detailing 0day exploitation of Ivanti appliances as well as newly observed malware families tracked as PHASEJAM and DRYHOOK. We also detail activity related to the previously observed SPAWN malware ecosystem tied to China nexus cluster UNC5337.
https://t.co/mK6ZSVeBQQ
Security Advisory: Ivanti Connect Secure, Policy Secure & ZTA Gateways
1️⃣ CVE-2025-0282
CVSS 9.0 (Critical)
⚠️ Exploited in-the-wild
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
2️⃣ CVE-2025-0283
CVSS 7.0 (High)
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.
Shoutout to Mandiant & MSTIC
Great progress from the @googlechrome team imposing cost on infostealers. With the recent #UNC5537 campaign targeting Snowflake customers, this is a timely addition to Chrome. Enhanced protection and detection will likely force infostealer devs to rewrite their malware.
@ryanaraine This is a particular offering. Note that TAG is very much an important part of Google, as is its mission to counter threats to Alphabet and its billions of users.