Bleeping Computer

Google OAuth flaw lets attackers gain access to abandoned accounts

A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various ...
CSOonline

Highly exploited Chromium bug traced to a Google OAuth endpoint

An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it ...
TechSpot

Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered

Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies ...

Google rolls out stricter security rules for Gmail users

Just a heads up, if you buy something through our links, we may get a small share of the sale. It's one of the ways we keep ...
Bleeping Computer

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an ...