Vercel has confirmed that its recent security incident compromised more accounts than initially reported, tracing the breach to a third-party AI tool infected with Lumma Stealer malware. The attack ...

Vercel has been hacked and had some customer credentials compromised after an employee's single OAuth token, which had been ...

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...

Google has simplified the OAuth authorization process for users who give a third-party app access to Google apps such as Docs and Drive. The update, though minor, makes it possible for users to ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...

Google has tightened up its policies surrounding OAuth third-party authentication-sharing after last week's mass phishing campaign that the search engine giant says affected less than 0.1% of its ...

A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various ...

Summary: A new scam has come into light, where scammers are sending out phishing emails to targets by abusing the Google OAuth app. Such an email comes from a legit-looking “[email protected]” address ...