"Google Accounts Compromised: Hackers Bypass Passwords for Access"
A zero-day exploit in Google's cookie generation process, known as "MultiLogin," allows hackers to gain unauthorized access to Google accounts without needing passwords. The exploit enables session persistence, making it difficult for the true account owner to kick out the hacker with a password reset. Hackers have already incorporated the exploit into info-stealing malware, and various threat groups have rapidly adopted the technique. Google is yet to roll out a comprehensive solution, and affected users are advised to log out of all devices and browsers before resetting their passwords with sufficiently complex and unique ones.
