Cybercriminals are using a new type of malware named ‘MultiLogin’, which abuses Google’s OAuth endpoint to sign back into user accounts by reviving expired cookies, according to a report by BleepingComputer. The malware reportedly pilfered tokens and account data from Google accounts, including saved passwords to ensure ongoing access to these accounts. Google has yet to acknowledge or suggest mitigation measures for this threat.
Go Module Mirror served backdoor to devs for 3+ years
Google’s mirror proxy for Go programming language developers promoted a backdoored package for over three years. The service, Go Module Mirror, fastens and verifies downloads’