The Hacker News

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A zero-click browser attack uses polite email instructions to trigger agents that delete real files from Google Drive.
CSOonline

Highly exploited Chromium bug traced to a Google OAuth endpoint

An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it ...

Google AI can access some content from Gmail and chats. Here's how to opt out

Snopes found there was truth to the claim that Google's AI accesses private content, though the AI-powered smart features privacy option in Gmail's settings was a long-standing part of how Gmail ...
TechSpot

Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered

Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
TechRadar

Hackers are exploiting OAuth loophole for persistent access - and resetting your password won't save you

Researchers have observed attackers weaponizing OAuth apps Attackers gain access that persists even through password changes and MFA This isn't just a proof of concept - it's been observed in the wild ...