Dark Reading

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called "Prisma" ...
Bleeping Computer

Microsoft, Google OAuth flaws can be abused in phishing attacks

Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. These attacks can lead to the bypassing of phishing detection ...