OAuth Vulnerability Risks

intelligence gathering

Malware Exploits Google Multiple Sign-On Vulnerability to Maintain Access After Password Reset

The information-stealing malware is actively utilizing an unspecified Google OAuth endpoint called MultiLogin to hijack user sessions and allow users to continue accessing Google services even after resetting their passwords.

chief security officer
January 4, 2024
03.6K00