To prevent further fake Docs phishing attacks on Gmail users, Google says it will tighten enforcement of the OAuth system it uses for linking third-party apps to Google accounts. Google has offered a ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data ...

An OAuth bug discovered in Google’s Cloud Platform potentially allowed attackers to plant an application inside a victim’s account, leaving it permanently and undetectably compromised. The bug was ...

Facepalm: OAuth is an open standard designed to share account information with third-party services, providing users with a simple way to access apps and websites. Google, one of the companies ...

An undocumented Google OAuth endpoint has been identified to be the root of the notorious info stealing exploit that is being widely implemented by various threat actors in their codes since it ...

Malware families exploited Google's unreported OAuth endpoint, MultiLogin, enabling them to steal session tokens and gain unauthorized access to users' accounts. Google has fixed the issue and taken ...

Summary: A new scam has come into light, where scammers are sending out phishing emails to targets by abusing the Google OAuth app. Such an email comes from a legit-looking “no-reply@google.com” ...

A developer reported the scam after noticing a slight discrepancy in the email address. The scam passed Google’s own DKIM checks. One of the oldest signs of a scam email is an incorrect domain.

Virtually all of Google’s APIs currently support OAuth 2.0, a framework for allowing third-party apps limited access to your data from other services, as their standard authentication mechanism.

OAuth authentication that could allow a third party who purchased a domain from a defunct startup to use it to gain unauthorized access to the accounts of former ...