Security News

A design flaw in Google Workspace's domain-wide delegation feature, discovered by Hunters' Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all the identities in the target domain.

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege...