Security News

Google has addressed a Cloud Platform security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers.Named GhostToken by Astrix Security, the Israeli cybersecurity startup that found and reported it to Google in June 2022, this security flaw was addressed via a global patch that rolled out in early April 2023.

Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform that could have enabled threat actors to conceal an unremovable, malicious application inside a victim's Google account. "The vulnerability allows attackers to gain permanent and unremovable access to a victim's Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim's personal data exposed forever," Astrix said in a report.