Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies ...
Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
In a concerning revelation, multiple information-stealing malware families are exploiting an undocumented Google OAuth endpoint named “MultiLogin” to revive expired authentication cookies, providing ...
Experts have found a vulnerability in Google’s OAuth “Sign in with Google” feature which could allow malicious actors to access sensitive data belonging to businesses that have shut down. Google ...
An undocumented Google OAuth endpoint has been identified as the root of the notorious info-stealing exploit that is being widely implemented by various threat actors in their code since it ...
Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...
Update, Sept. 05, 2024: This story, originally published Sept. 03, now includes an explainer regarding OAuth and passkey technology, and news of a hardware security key bypass. Hot on the heels of a ...
Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Lots of startups use Google’s productivity suite, known as Workspace, to handle email, documents, and other back-office matters. Relatedly, lots of business-minded webapps use Google’s OAuth, i.e.
ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...