GhostToken GCP Bug Gives Entry To Attackers Into Google Accounts

Security experts have revealed information about a Google Cloud Platform (GCP) zero-day vulnerability that has since been patched that may have allowed threat actors to hide an irremovable, malicious application inside a victim’s Google account. The flaw, dubbed GhostToken by Israeli cybersecurity outfit Astrix Security, affects all Google accounts, including Workspace accounts geared at businesses. […]

account accounts application astrix security attackers bug businesses cloud cloud platform cybersecurity entry experts flaw forensic gcp google google account google accounts google cloud google cloud platform hacking hide identity and access management (iam) information israeli malicious malicious application malware and vulnerabilities may news & analysis platform security security experts threat threat actors threat intelligence victim vulnerability workspace zero-day zero-day vulnerability