Dark Reading

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called "Prisma" ...
Hosted on MSN

Scammers are now abusing Google OAuth to send phishing emails

Summary: A new scam has come into light, where scammers are sending out phishing emails to targets by abusing the Google OAuth app. Such an email comes from a legit-looking “[email protected]” ...
TechCrunch

Google Brings OAuth 2.0 Support To Gmail And Google Talk To Make Third-Party Apps More Secure

Virtually all of Google’s APIs currently support OAuth 2.0, a framework for allowing third-party apps limited access to your data from other services, as their standard authentication mechanism.
CSOonline

Highly exploited Chromium bug traced to a Google OAuth endpoint

An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it ...
ZDNet

Gmail fake Docs attack: Now Google tightens OAuth rules to block phishing

To prevent further fake Docs phishing attacks on Gmail users, Google says it will tighten enforcement of the OAuth system it uses for linking third-party apps to Google accounts. Google has offered a ...
Digital Journal

Google OAuth flaw leaves many users vulnerable via failed startup domains

Google's advertising practices are also subject to investigations or proceedings in Britain, the EU and the United States. — © AFP/File Josh Edelson Google's ...