Ars Technica

Startup necromancy: Dead Google Apps domains can be compromised by new owners

Lots of startups use Google’s productivity suite, known as Workspace, to handle email, documents, and other back-office matters. Relatedly, lots of business-minded webapps use Google’s OAuth, i.e.
TechRepublic

Fake Google Security Alert Hides a Phishing Scam

A developer reported the scam after noticing a slight discrepancy in the email address. The scam passed Google’s own DKIM checks. One of the oldest signs of a scam email is an incorrect domain.
Bleeping Computer

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
TechCrunch

Employees of failed startups are at special risk of stolen personal data through old Google logins

As if losing your job when the startup you work for collapses isn’t bad enough, now a security researcher has found that employees at failed startups are at particular risk of having their data stolen ...
InfoWorld

A wake-up call for identity security in devops

The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service accounts, and third-party OAuth apps. Here’s how to address it. In early 2025, ...
Security Boulevard

OAuth Scopes & Consent: Complete Guide to Secure API Authorization

Learn how to design secure OAuth scopes and consent flows for enterprise applications. A complete guide for CTOs on API ...