Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Russian hackers have bypassed Google's multi-factor authentication MFA in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group GTIG. The hackers pulled this off by posing as US Department of State officials in advanced social engineering attack...

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords or app passwords as part of a novel social engineering tactic designed to gain access to victims' emails. Details of the highly targeted campaign were...

CVE-2025-5098

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization...

CVE-2025-5098

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization...

CVE-2025-5098 KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization...

CVE-2025-5098

CVE-2025-5098 affects Mobile Dynamix PrinterShare Mobile Print (Android). Technical details from KoreLogic KL-001-2025-003 show the vulnerability arises in the Android app where Gmail OAuth tokens are captured and stored in plaintext, enabling token reuse to access a user’s Gmail account. The fla...

CVE-2025-5098 KL-001-2025-003: Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization...

PT-2025-22571 · Unknown · Printershare

Name of the Vulnerable Software and Affected Versions: PrinterShare affected versions not specified Description: The issue allows the capture of Gmail authentication tokens, which can be reused to access a user's Gmail account without proper authorization. This affects the PrinterShare Android...

CVE-2022-20270

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID...

CVE-2020-24904

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link...

CVE-2014-125075

A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix thi...

CVE-2019-12912

Redbrick Shift through 3.4.3 allows an attacker to extract emails of services such as Gmail, Outlook, etc. used in the application...

CVE-2012-6313

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace...

CVE-2014-7984

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication...

Mobile Dynamix PrinterShare Mobile Print Gmail Oauth Token Disclosure

Vulnerability Details Affected Vendor: Mobile Dynamix Affected Product: PrinterShare Mobile Print Affected Version: up to 12.15.01 Platform: Android CWE Classification: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor, CWE-313: Cleartext Storage in a File or on Disk CVE ID:...

A week in security (April 21 – April 27)

Last week on Malwarebytes Labs: AI is getting "creepy good" at geo-guessing Zoom attack tricks victims into allowing remote access to install malware and steal money Android malware turns phones into malicious tap-to-pay machines 4.7 million customers’ data accidentally leaked to Google by Blue...

Gmail’s New Encrypted Messages Feature Opens a Door for Scams

Google is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes...

All Gmail users at risk from clever replay attack

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials. This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service ENS, a blockchain...

Enterprise Gmail Users Can Now Send End-to-End Encrypted Emails to Any Platform

On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted E2EE to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an...

Linux Distros Unpatched Vulnerability : CVE-2020-24904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted mailto link...