Lots of startups use Google’s productivity suite, known as Workspace, to handle email, documents, and other back-office matters. Relatedly, lots of business-minded webapps use Google’s OAuth, i.e.
A developer reported the scam after noticing a slight discrepancy in the email address. The scam passed Google’s own DKIM checks. One of the oldest signs of a scam email is an incorrect domain.
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
Crooks are abusing Google's notification system to bypass email protection. Through OAuth apps, they are able to generate convincing phishing emails. The campaign also uses sites.google.com. Researchers ...
The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service accounts, and third-party OAuth apps. Here’s how to address it. In early 2025, ...