The reported malware chain targets Google’s OAuth flow, showing how a live browser session can become the real prize in email compromise.
A reported .NET tool linked to ToddyCat turns Google’s consent flow into an access path, showing why token abuse now belongs on every defender’s checklist.