Googleの正規のセキュリティ通知で利用されるメールアドレスの「[email protected]」から送信されたメールであるかのように偽装するフィッシング ...

Googleの旧サービスなどを悪用した巧妙なフィッシング攻撃が見つかった。正規の電子メールやOAuthを利用し、偽ページへの誘導や情報の詐取を ...

A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various ...

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if ...

Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called ...

A security researcher has discovered a bug in Google's OAuth that puts the data of employees of former companies at risk. There is no fix yet.

This Google’s OAuth flaw that could allow attackers to inherit credentials from old accounts of former failed startups employees.

セキュリティ企業のTruffle Securityが、GoogleのOAuth認証に見つかった欠陥について報告しています。この欠陥は、倒産したスタートアップのドメイン ...