Did you ever use Google to log into a website from a domain that no longer exists (think HR systems, LinkedIn, or just about anything with a “sign in with Google” button)?
Remove it from your accounts immediately, if you can.
If you have a domain that’s about to expire that ever used Google for sign-in, clean those accounts up now.
Same goes for any third-party SSO. If you no longer control the domain, expect to be impersonated.
https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html?m=1
=> More informations about this toot | More toots from hackerfriendly@mas.to
@hackerfriendly cool!
=> More informations about this toot | More toots from inpc@go.mxtthxw.art
@inpc I’ve seen friends get compromised this way. Not surprised to see it getting more attention. It’s an easy own.
=> More informations about this toot | More toots from hackerfriendly@mas.to
@hackerfriendly have passed the article to some people I think should know. Many thanks.
=> More informations about this toot | More toots from inpc@go.mxtthxw.art