Cybercriminals have found a clever new way to get phishing emails straight into inboxes.

Instead of spoofing brands, they are abusing real cloud tools that people already trust. Security researchers say attackers recently hijacked a legitimate email feature inside Google Cloud. 

The result was thousands of phishing messages that looked and felt like normal Google notifications. Many slipped past spam filters with ease.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – when you join my CYBERGUY.COM newsletter.

How this Google Cloud phishing attack worked

At the center of the campaign was Google Cloud Application Integration. This service allows businesses to send automated email notifications from workflows they build. Attackers exploited the Send Email task inside that system. Because the messages came from a real Google address, they appeared authentic to both users and security tools. 

According to Check Point, a global cybersecurity firm that tracks and analyzes large-scale threat campaigns, the emails were sent from a legitimate Google-owned address and closely matched Google’s notification style. Fonts, wording, and layout all looked familiar. Over a two-week period in December 2025, attackers sent more than 9,000 phishing emails targeting roughly 3,200 organizations across the U.S., Europe, Canada, Asia Pacific, and Latin America.

MALICIOUS CHROME EXTENSIONS CAUGHT STEALING SENSITIVE DATA

Why Google phishing emails were so convincing

The messages looked like routine workplace alerts. Some claimed you had received a voicemail. Others said you were granted access to a shared document, like a Q4 file. That sense of normalcy lowered suspicion. Many people are used to seeing these exact messages every day. Even more concerning, the emails bypassed common protections like SPF and DMARC because they were sent through Google-owned infrastructure. To email systems, nothing looked fake.

What happens after you click

The attack did not stop at the email. Once a victim clicked the link, they were sent to a page hosted on storage.cloud.google.com. That added another layer of trust. From there, the link redirected again to googleusercontent.com. Next came a fake CAPTCHA or image check. This step blocked automated security scanners while letting real users continue. After passing that screen, victims landed on a fake Microsoft login page hosted on a non-Microsoft domain. Any credentials entered there were captured by the attackers.

Who was targeted in the Google Cloud phishing attack

Check Point says the campaign focused heavily on industries that rely on automated alerts and shared documents. That included manufacturing, technology, finance, professional services, and retail. Other sectors like healthcare, education, government, energy, travel and media were also targeted. These environments see constant permission requests and file-sharing notices, which made the lures feel routine.

“We have blocked several phishing campaigns involving the misuse of an email notification feature within Google Cloud Application Integration,” a Google spokesperson told Cyberguy. “Importantly, this activity stemmed from the abuse of a workflow automation tool, not a compromise of Google’s infrastructure. While we have implemented protections to defend users against this specific attack, we encourage continued caution as malicious actors frequently attempt to spoof trusted brands. We are taking additional steps to prevent further misuse.”

The incident demonstrates how attackers can weaponize legitimate cloud automation tools without resorting to traditional spoofing.

Ways to stay safe from trusted-looking phishing emails

Phishing emails are getting harder to spot, especially when attackers abuse real cloud platforms like Google Cloud. These steps help reduce risk when emails look familiar and legitimate.

1) Slow down before acting on alerts

Attackers rely on urgency. Messages about voicemails, shared files or permission changes are designed to make you click fast. Pause before taking action. Ask yourself whether you were actually expecting that alert. If not, verify it another way.

2) Inspect links before you click

Always hover over links to preview the destination domain. In this campaign, links jumped across multiple trusted-looking Google domains before landing on a fake login page. If the final destination does not match the service asking you to sign in, close the page immediately.

3) Treat file access and permission emails with caution

Shared document alerts are a favorite lure because they feel routine at work. If an email claims you were granted access to a file you do not recognize, do not click directly from the message. Instead, open your browser and sign in to Google Drive or OneDrive manually to check for new files.

4) Use a password manager to catch fake login pages

Password managers can be a strong last line of defense. They will not autofill credentials on fake Microsoft or Google login pages hosted on non-official domains. If your password manager refuses to fill in a login, that is a red flag worth paying attention to.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

NEW GOOGLE AI MAKES ROBOTS SMARTER WITHOUT THE CLOUD

5) Run strong antivirus software with phishing protection

Modern antivirus tools do more than scan files. Many now detect malicious links, fake CAPTCHA pages, and credential harvesting sites in real time. Strong antivirus software can block phishing pages even after a click, which matters in multi-stage attacks like this one.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

6) Reduce your exposure with a data removal service

Phishing campaigns often succeed because attackers already know your email, employer or role. That information is commonly pulled from data broker sites. A data removal service helps remove your personal information from these databases, making it harder for attackers to craft convincing, targeted emails.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

7) Enable two-factor authentication (2FA) everywhere

Even if attackers steal your password, two-factor authentication (2FA) can stop them from accessing your account. Use app-based authentication or hardware keys when possible, especially for work email, cloud storage, and Microsoft accounts.

8) Report suspicious emails immediately

If something feels off, report it. Flag suspicious Google or Microsoft alerts to your IT or security team so they can warn others. Early reporting can stop a phishing campaign before it spreads further inside an organization.

Kurt’s key takeaways

This campaign highlights a growing shift in phishing tactics. Attackers no longer need to fake brands when they can abuse trusted cloud services directly. As automation becomes more common, security awareness matters more than ever. Even familiar emails deserve a second look, especially when they push urgency or ask for credentials.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

If a phishing email comes from a real Google address, how confident are you that you would spot it before clicking? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.

The Consumer Electronics Show, better known as CES, is the world’s largest consumer technology event, and it’s underway in Las Vegas. It takes over the city every January for four days and draws global attention from tech companies, startups, researchers, investors and journalists, of course.

CES is where many of the products that shape the next few years of consumer tech first appear. Think of it as a preview of what may soon land in our homes, hospitals, gyms and workplaces.

At CES 2026, flashy gadgets and robots are everywhere, but health technology is drawing some of the most attention. Across the show floor, companies are focusing on prevention, recovery, mobility, safety and long-term well-being. These 10 health tech products stole the spotlight in Las Vegas and hint at where wellness innovation could be headed next.

MARCH IS NUTRITION MONTH – HERE ARE 8 NUTRITION PRODUCTS THAT CAN HELP YOU LIVE A HEALTHIER LIFE

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

The 10 health tech products turning heads at CES 2026

From AI-driven health insights to tools designed to reduce everyday risk, these are the health tech products people are stopping to look at on the CES 2026 show floor.

1) NuraLogix Longevity Mirror predicts your health in 30 seconds

NuraLogix introduced a smart mirror that turns a short selfie video into a snapshot of your long-term health outlook. The Longevity Mirror analyzes subtle blood flow patterns in your face using AI and scores metabolic health, heart health and physiological age from zero to 100.

Results appear in about 30 seconds along with clear explanations and recommendations. The AI was trained on hundreds of thousands of patient records, which helps translate raw data into understandable insights.

The mirror supports up to six user profiles. It launches in early 2026 for $899 and includes a one-year subscription. After this, the subscription costs $99 per year. Optional concierge support connects users with nutrition and wellness experts.

2) Ascentiz walking exoskeletons keep getting lighter and more practical

Ascentiz showed how mobility tech is shifting toward real-world use at CES 2026. The Ascentiz H1 Pro walking exoskeleton stood out for its lightweight, modular design, which reduces strain while supporting motor-assisted movement across longer distances.

The system uses AI to adapt assistance to the user’s motion and terrain, making it useful on inclines and uneven ground. A belt-based attachment system keeps the device compact and easy to wear, while dust- and water-resistant construction supports outdoor use in different conditions.

For users who need more power, Ascentiz also offers Ultra and knee or hip-attached models that deliver stronger assistance. Together, the lineup shows how exoskeletons are moving beyond clinical rehab and toward everyday mobility support.

3) Bambini Kids brings powered walking to pediatric rehab

Cosmo Robotics earned a CES Innovation Award for Bambini Kids, the first overground pediatric exoskeleton with powered ankle motion. It is designed for children ages 2.5 to 7 with congenital or acquired neurological disorders.

The system offers both active and passive gait training modes. Encouraging guided and natural movement helps children relearn walking skills while reducing complications linked to conditions like cerebral palsy.

4) Sunbooster turns desk work into sunlight exposure

If you spend most of your day indoors, one of the wellness products drawing attention at CES 2026, Sunbooster, offers a practical way to replace a missing part of natural sunlight.

The device clips onto a monitor, laptop or tablet and projects near-infrared light while you work, without adding noise or disrupting your routine.

Near-infrared light is a natural component of sunlight linked to energy levels, mood and skin health. Sunbooster uses patented SunLED technology to deliver controlled exposure and tracks daily dosage, encouraging two to four hours of use during screen time.

The technology has been tested in human and laboratory studies conducted at the University of Groningen and Maastricht University, adding scientific backing to its claims. The company is also developing a phone case and a monitor with built-in near-infrared lighting, which could make sunlight replacement even more seamless in indoor environments.

SMART RINGS THAT CAN TRACK YOUR SLEEP, FITNESS, AND COULD SAVE YOUR LIFE

5) Allergen Alert brings a pocket-sized lab to the table

Allergen Alert tackles one of the most stressful parts of eating out with food allergies. The handheld device tests a small food sample inside a sealed, single-use pouch and detects food allergens or gluten directly in a meal within minutes.

Built on laboratory-grade technology derived from bioMérieux expertise, the system automates the entire analytical process and delivers results without requiring technical knowledge. The company says the technology has attracted interest from highly demanding environments, including Michelin-starred restaurants, as a way to help reduce cross-contamination risk.

At CES 2026, Allergen Alert positioned the device as a tool designed to restore confidence and inclusion at the table. The mini-lab will be available for pre-orders at the end of 2026, with plans to expand testing to additional common allergens in the future.

6) Samsung Brain Health explores early cognitive changes

Samsung previewed Brain Health, a research-driven feature designed for Galaxy wearables that analyzes walking patterns, voice changes and sleep data to flag potential early signs of cognitive decline.

The system draws on data from devices like the Galaxy Watch and Galaxy Ring to establish a personal baseline, then looks for subtle deviations linked to early dementia research. Samsung emphasizes that Brain Health is not intended to diagnose medical conditions. Instead, it aims to provide early warnings that encourage people and their families to seek professional evaluation sooner.

Samsung plans for future beta availability, but no public release date has been confirmed. At CES 2026, people can check out the feature during an in-person demo.

7) Withings BodyScan 2 turns a scale into a health hub

Withings is rethinking what a bathroom scale can do with BodyScan 2, which earned a CES 2026 Innovation Award. In under 90 seconds, the smart scale measures ECG data, arterial stiffness, metabolic efficiency and hypertension risk.

The connected app helps users see how stress, sedentary habits, menopause or weight changes affect cardiometabolic health. The focus shifts away from weight alone and toward early health signals that can be tracked over time.

8) Garmin Venu 4 focuses on health trends, not single stats

Garmin earned a CES Innovation Honore Award for the Venu 4 smartwatch. A new health status feature highlights when metrics like heart rate variability and respiration drift away from personal baselines.

Lifestyle logging links daily habits to sleep and stress outcomes. With up to 12 days of battery life, the watch supports continuous tracking without nightly charging. 

9) Ring Fire Watch turns doorbells into wildfire sensors

Ring introduced Fire Watch, an opt-in feature that uses AI to detect smoke and flames from compatible cameras. During wildfires, users can share snapshots with Watch Duty, a nonprofit that distributes real-time fire alerts to communities and authorities.

It shows how existing home tech can play a role in public safety during environmental emergencies.

10) RheoFit A1 delivers hands-free AI recovery

RheoFit A1 may be the most relaxing health gadget at CES 2026. The AI-powered robotic roller glides beneath your body to deliver a full-body massage in about 10 minutes.

With interchangeable massage attachments and activity-specific programs, it targets soreness from workouts or long hours at a desk. The companion app uses an AI body scan to adapt pressure and focus areas automatically.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com      

Kurt’s key takeaways

CES 2026 showed how health tech is becoming more practical and more personal. Many of the products on this list focus on catching problems earlier, reducing everyday stress and helping people make better decisions about their health. From tools that flag potential health risks to devices that improve safety at home, the real shift is toward technology that fits naturally into our daily lives.

Which of these CES 2026 health tech products would you actually use first in your daily life, and what problem would it solve for you? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

Copyright 2025 CyberGuy.com.  All rights reserved.