ZDNet

Gmail fake Docs attack: Now Google tightens OAuth rules to block phishing

To prevent further fake Docs phishing attacks on Gmail users, Google says it will tighten enforcement of the OAuth system it uses for linking third-party apps to Google accounts. Google has offered a ...
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...
CSOonline

Highly exploited Chromium bug traced to a Google OAuth endpoint

An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it ...
Indiatimes

Google fixes issue with Chrome 'malware' that allowed to break into users' accounts

Malware families exploited Google's unreported OAuth endpoint, MultiLogin, enabling them to steal session tokens and gain unauthorized access to users' accounts. Google has fixed the issue and taken ...
Digital Journal

Google OAuth flaw leaves many users vulnerable via failed startup domains

Google's advertising practices are also subject to investigations or proceedings in Britain, the EU and the United States. — © AFP/File Josh Edelson Google's ...
TechSpot

Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered

Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies ...