Security News

If you're a Google Workspace administrator or user selecting an application from the Google Workspace Marketplace, your first task is to make sure an application does the job you want completed as easily as possible. Google offers an Independent Security Verification badge for applications in the Google Workspace Marketplace.

Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.According to the Hunters team, the vulnerability is based on Google Workspace's role in managing user identities across Google Cloud services.

A design flaw in Google Workspace's domain-wide delegation feature, discovered by Hunters' Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all the identities in the target domain.

Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege...