Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Updated on January 3, 2024

Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset.
According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an…

Read the rest of the story at Read More

Source: The Hacker News

December 3, 2024 Uncategorized

Cisco Warns of Exploitation of Decade-Ol...

April 5, 2025 Uncategorized

North Korean Hackers Deploy BeaverTail M...

April 24, 2025 Uncategorized

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset

Related posts

Cisco Warns of Exploitation of Decade-Ol...

North Korean Hackers Deploy BeaverTail M...

WhatsApp Adds Advanced Chat Privacy to B...

Leave a Comment Cancel reply

Recent News

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

Perfection is a Myth. Leverage Isn’t: How Small Teams Can Secure Their Google Workspace

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

How to Automate CVE and Vulnerability Advisory Response with Tines