Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
Security Boulevard

API Authentication Methods Explained: API Keys, OAuth, JWT & HMAC Compared

A deep dive comparing API Keys, OAuth 2.0, JWT, and HMAC for CTOs. Learn which api authentication method fits your enterprise SSO and IAM strategy.
Bleeping Computer

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an ...
VentureBeat

Google combines Sign in with Google and One Tap into a single identity SDK

Google has consolidated several of its identity and authentication APIs under a single software development kit (SDK) called Google Identity Services. The new SDK features existing APIs, including the ...
Infosecurity-magazine.com

The Growing Threat of Broken Authentication Attacks on APIs

Application programming interfaces (APIs) are integral to the functionality of the internet today. By enabling communications between programs, they make many processes more efficient and convenient, ...