Google Meet Phishing Campaign Giving Attackers Access to Windows PCs

Fake Google Meet Update Can Give Attackers Control of Your Windows PC

Cybersecurity analysts have identified a phishing campaign that can quietly hand control of a Windows computer to attackers after a single click. The scam appears as a routine update notice for Google Meet, but the prompt is fraudulent and redirects victims into a device management system controlled by threat actors.

Unlike many phishing schemes, the technique does not steal passwords, download obvious malware, or display clear warning signs. Instead, the attack relies on convincing users to interact with a page that imitates a standard software update message.

A convincing but fake update message

The deceptive webpage tells visitors they must install the latest version of Meet in order to continue using the service. The design closely resembles a legitimate update notification and uses familiar colors and branding that many users associate with Google products.

However, both the “Update now” button and the “Learn more” link do not connect to any official Google resource. Instead, they activate a special Windows deep link known as ms-device-enrollment:.

12 ways attackers abuse cloud services to hack your enterprise

Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic.

Adversaries are pushing command and control (C2) through high-reputation services, including OpenAI and AWS, to blend in with normal business traffic and evade blocklists.

The shift from “living off the land” to “living off the cloud” reflects how attackers have adapted to the enterprise’s migration of IT infrastructure to hybrid and cloud environments such as AWS, Azure, and Google Cloud.

“Instead of abusing local binaries like PowerShell or WMI [Windows Management Instrumentation] to evade detection, adversaries now leverage native cloud administrative tools, APIs, identity systems, and management consoles to operate using legitimate functionality,” says Arif Khan, head of threat hunting and response services at Mitiga.

“Because cloud environments are inherently API-driven, attackers who obtain valid credentials or tokens can enumerate resources, extract data, escalate privileges, and maintain persistence through routine-looking administrative calls.”

Safeguarding the Portfolio: Incident Readiness and the Cyber Landscape in 2026

Last week, Ropes & Gray’s Data, Privacy and Cybersecurity team partnered with FTI Consulting to host a roundtable breakfast in London for privacy, compliance and IT leads from across the private equity industry. The conversation centred on a simple question: how ready are PE firms and their portfolio companies for the cyber threats heading their way in 2026?

The short answer: it depends on who you ask. The longer answer follows below.

…

AI is Supercharging the Adversary

Artificial intelligence cut across every part of the discussion. The UK National Cyber Security Centre and the European Union Agency for Cybersecurity have each flagged that AI is lowering the barrier to entry for threat actors, and the roundtable participants had seen those effects first-hand.

California’s PlayOn Enforcement: A New Chapter in Children’s Data Privacy

On March 3, 2026, the California Privacy Protection Agency (CalPrivacy) announced a settlement with PlayOn Sports (formerly 2080 Media, Inc.), imposing a $1.1 million administrative fine and sweeping compliance obligations. Reached in January, the settlement marks a significant escalation in state privacy enforcement and is the first CalPrivacy action to address privacy violations involving students and California schools. The enforcement is particularly notable because it targets a platform whose services are inherently associated with children, students, and families.

The PlayOn matter underscores how state regulators are increasingly scrutinizing privacy practices in environments where minors are not incidental users, but the core audience. Viewed alongside prior federal and state enforcement actions, the case offers important lessons about consent design, tracking technologies, and the growing convergence between children’s privacy principles and broader consumer‑privacy regimes.

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector.

The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive data.

"Evidence indicates the threat actor is leveraging a modified version of the open-source tool AuraInspector [...] to perform mass scanning of public-facing Experience Cloud sites," Salesforce said.

…

AuraInspector refers to an open-source tool designed to help security teams identify and audit access control misconfigurations within the Salesforce Aura framework. It was released by Google-owned Mandiant in January 2026.

Japan and ASEAN Strengthen Cybersecurity Cooperation as Digital Threats Rise

The growing number and harshness of cyberattacks against commercial and state sectors in Asia is one of the main reasons for countries’ willingness to increase their collaboration in cybersecurity. Japan and the ASEAN countries are jointly working on various projects to build the capacity to counter cyber threats, share cybersecurity information, and enhance the resilience of the digital infrastructure at the regional level.

Since cybercrime is constantly becoming more sophisticated and crossing borders, the need for very effective cooperation among governments, technology companies, and security agencies is considered one of the major ways to protect digital infrastructures and economic activities.

Among the biggest risks for companies that are part of the digital economy nowadays are cyberattacks. For example, Japanese beverage company Asahi Group was recently the victim of a massive ransomware attack that completely shut down their internal systems and even led to a delay in the publication of their financial reports. The attackers initially entered the company’s computer network by stealing the credentials of an administrator. Subsequently, they carried out the ransomware that not only encrypted the data but also severely disrupted the company’s operations.