Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page ...
Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. These attacks can lead to the bypassing of phishing detection ...
Update, Jan. 16, 2025: This story, originally published Jan. 15, now includes a statement from Google and further clarification of the initial response to the researcher’s findings, as well as ...