Cybersecurity researchers have disclosed details of a now-patched zero-day flaw in Google Cloud Platform (GCP) that could have enabled threat actors to conceal an unremovable, malicious application inside a victim’s Google account.
Israeli cybersecurity startup Astrix Security, which discovered and reported the issue to Google on June 19, 2022, dubbed the shortcoming GhostToken.
The issue
Source:: The Hackers News