Hosted on MSN

Google’s OAuth flaw is potentially exposing millions of accounts

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
Hosted on MSN

Scammers are now abusing Google OAuth to send phishing emails

Summary: A new scam has come into light, where scammers are sending out phishing emails to targets by abusing the Google OAuth app. Such an email comes from a legit-looking “[email protected]” ...
CSOonline

Highly exploited Chromium bug traced to a Google OAuth endpoint

An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it ...

Google Issues Worldwide Gmail Data Breach Warning

ShinyHunters, the attacker group behind the breach, gained access by impersonating an IT help desk to a Google employee.
Android

Malware exploits Google OAuth endpoint revealing Google account passwords

In a concerning revelation, multiple information-stealing malware families are exploiting an undocumented Google OAuth endpoint named “MultiLogin” to revive expired authentication cookies, providing ...
PC World

Google Boosts Security of Hosted Developer Services

Google has beefed up the security of its cloud hosted services for developers by making several of them able to authenticate interactions with applications using certificate-based Service Accounts.
Bleeping Computer

Google warns Salesloft breach impacted some Workspace accounts

Google now reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access a small number of Google Workspace email accounts in ...