Journalists discovered that the Refresh Outdated Content tool allowed anyone to remove specific pages from Google search results. As a result, negative articles about the CEO of a major tech company in San Francisco disappeared from the search.
This story begins in 2023, when independent journalist Jack Poulson, in his publication reported on the arrest of Maury Blackman, which occurred in 2021 and was related to allegations of domestic violence.
At that time, Blackman was the head of Premise Data Corp., a company engaged in developing surveillance systems, and he reacted extremely negatively to the publication about his legal issues. Although the case did not lead to any charges (Blackman’s 25-year-old girlfriend withdrew her complaint against the 53-year-old CEO), Poulson published unpleasant details from the public police report in his article.
But whereas Blackman previously fought negative publications about himself using DMCA complaints and lawsuits, this time he used Google’s tool — Refresh Outdated Content.
At the end of last year, the nonprofit organization Freedom of the Press Foundation, which is dedicated to protecting journalists’ rights, already reported on Poulson’s investigation and Blackman’s response actions. However, in June 2025, the journalist reached out to the organization once again, as his article suddenly disappeared from Google’s search results entirely.
An NGO conducted its own investigation, which ultimately led to the discovery of a little-known Google feature called Refresh Outdated Content. Google initially created this tool to allow users to report outdated or error-inducing pages so that search results could be cleansed of clutter. Notably, Refresh Outdated Content does not record who is sending the requests.
However, it was discovered that a bug in this tool allowed anyone to remove specific pages from search results. In this case — mentions of Blackman’s arrest.
For instance, the article about Blackman completely disappeared from search and did not appear in the results even when searching for the exact title. Furthermore, Poulson noted that two of his articles on Substack also vanished from the search.
Although Google does not remove links from search results simply at someone’s request, in this case, a bug allowed exactly that. By submitting a request via Refresh Outdated Content, one could specify a URL with altered casing— for example, writing AnAtomy instead of anatomy, or censorSHip instead of censorship. Due to the case-insensitivity of the Google search crawler, it would check the modified URL, receive a 404 error (“Page Not Found”) in response, and remove the link from the index.
Researchers at the Freedom of the Press Foundation discovered that Blackman himself or someone acting on his behalf exploited this bug “dozens of times” in May and June 2025. It is noted that after leaving Premise, Blackman became the head of The Transparency Company, which specializes precisely in online reputation management.
Eventually, the researchers reached out to Google representatives, and the company confirmed the presence of the vulnerability. Currently, Paulson’s articles and those from the Freedom of the Press Foundation should once again appear in Google search results, and the “Refresh Outdated Content” tool can no longer be misused to remove pages from searches.
However, it remains unclear whether this bug was known earlier and the extent to which it could have been exploited. Google assured researchers that the issue affected only a “small fraction of sites,” but they did not provide specific numbers.
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →
2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers
Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →