Hackers Exploiting Google's OAuth system Flaws to Bypass Gmail Security Filters

A highly sophisticated phishing attack exploiting vulnerabilities in Google’s OAuth system has been identified. The attack, which successfully bypasses Gmail’s security filters, appears legitimate to users as it originates from authentic Google domains and passes all standard security checks, including DKIM authentication.

Nick Johnson, Ethereum Name Service (ENS) developer, reported being targeted by an attack that exploited a flaw in Google’s infrastructure, allowing threat actors to send emails that appear to come directly from Google’s official domains. “Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google’s infrastructure, and given their refusal to fix it, we’re likely to see it a lot more,” Johnson wrote on X.

The message comes from “no-reply@google[.]com” and passes all standard security checks, including DKIM verification. In Johnson’s case, the phishing email claimed that a subpoena had been served on Google LLC requiring the production of his Google Account content, complete with an official-looking case reference number. Researchers noted that the embedded link in the email pointed to a phishing page under a ‘google.com’ subdomain, directing users to a simulated login interface designed to steal credentials. Unlike conventional phishing attempts that rely on fake login pages, this attack leverages legitimate OAuth authorization flows.

Google has confirmed awareness of this phishing campaign and acknowledged that it exploits OAuth and DKIM mechanisms in a creative way. “Google has reconsidered and will be fixing the OAuth bug!” Johnson confirmed in a recent update.

In the meantime, security experts recommend users enable two-factor authentication, use passkeys where available, and remain vigilant about any emails requesting account verification or login credentials, even if they appear to come from legitimate sources.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 06:20:24 +0000

