OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...
TechRepublic

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs Your email has been sent Hunters researchers noted the vulnerability could lead to privilege escalation. Google ...
Dark Reading

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called "Prisma" ...
ITWire

Displaying items by tag: OAuth API

Many apps that have had access to Gmail data will find their access blocked soon as Google locks down API access, with the cut off date being 15 July. The new API policy was announced in October last ...
Geeky Gadgets

How to Set up Google App Connections in n8n in Under 5 Minutes

If you would like to connect your Google apps and services to the n8n automation platform, this guide by Nate Herk will have you up and running in minutes. Integrating Google services such as Drive, ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...