Google surfaces this week across two distinct threat items: Chrome credential stores are actively targeted by TA4922 using Atlas RAT for credential harvesting and session theft, and Google Gemini has been abused by the Russia-aligned GREYVIBE threat group to accelerate phishing campaign development and malware scripting. Neither item involves a vulnerability in Google’s products; both represent adversarial abuse of legitimate capabilities. Chrome hardening and Gemini usage monitoring are the primary defender actions.