Bleeping Computer

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an ...
Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
Ars Technica

Google plans to stop using insecure SMS verification in Gmail

A username and password just won’t cut it anymore. Users around the world logging into Gmail have often relied on Google SMS pings to securely access their accounts, but that’s changing. Google now ...
XDA Developers on MSN

Gmail is finally getting rid of SMS security codes to protect your security

Google plans to replace SMS verification with QR codes due to phishing risks and security vulnerabilities exploited by scammers. QR codes will eliminate the need to enter security codes when accessing ...