The Hacker News

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A zero-click browser attack uses polite email instructions to trigger agents that delete real files from Google Drive.
CSOonline

Highly exploited Chromium bug traced to a Google OAuth endpoint

An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it ...

Google AI can access some content from Gmail and chats. Here's how to opt out

Google's AI can use emails and chats at different levels if users let it. But it's easy to opt out.
TechSpot

Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered

Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies ...
TechRadar

Hackers are exploiting OAuth loophole for persistent access - and resetting your password won't save you

Researchers have observed attackers weaponizing OAuth apps Attackers gain access that persists even through password changes and MFA This isn't just a proof of concept - it's been observed in the wild ...