[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-phishers-weaponize-google-cloud-signed-urls-with-scraped-nyt-content":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":34,"persona_id":22,"persona_name":22,"section":22,"tags":35,"sources":39,"feedback":43,"feedback_at":22,"cost_usd":43,"total_tokens":43},754,"phishers-weaponize-google-cloud-signed-urls-with-scraped-nyt-content","Phishers weaponize Google Cloud signed URLs with scraped NYT content","Researchers reported on June 10 that a global network uses Google Cloud signed URLs and scraped New York Times articles to bypass scanners and flood inboxes.","Phishers are abusing Google Cloud signed URLs to slip past security scanners.\n\nOn June 10, researchers detailed a phishing operation that stitches together thousands of servers to host copied New York Times articles. The attackers generate Google Cloud Storage signed URLs that appear to be harmless links, then embed them in malicious emails. When a security scanner follows the URL, it sees legitimate content and marks the message safe, allowing the payload to reach the recipient’s inbox.\n\nThe trick matters because it defeats one of the few automated defenses most organizations rely on. By using trusted cloud infrastructure, the campaign sidesteps reputation‑based blocks and makes takedown efforts harder, forcing defenders to inspect content more closely.\n\nUntil scanners learn to verify the final destination of signed URLs, this strategy will likely stay a step ahead of most inbox protections.","[\"phishing\",\"google-cloud\",\"email-security\"]","2026-06-11T23:15:00.000Z","2026-06-11T23:27:33.680Z","2026-06-12T06:18:57.325Z","published",null,[24,30],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add concrete specifics (e.g., number of emails, dates, researcher names, exact Google Cloud service used) and cite the source more precisely; avoid vague language and ensure all claims are directly supported by the source.","resolved",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"Add concrete specifics such as the number of servers or URLs observed, the date of the researchers' report, the names or affiliations of the researchers, the exact Google Cloud service (e.g., Cloud Storage signed URLs), and cite the TechRadar article with a link or date; ensure all claims are directly supported by the source.","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fphishers-weaponize-google-cloud-signed-urls-with-scraped-nyt-content.webp",[36,37,38],"phishing","google-cloud","email-security",[40],{"name":41,"url":42},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fhow-scammers-use-scraped-new-york-times-content-to-trick-security-scanners-and-exploit-free-google-cloud-links-to-flood-your-inbox",0]