How OAuth Redirects Are Being Abused in Phishing Attacks [Prime Cyber Insights]
In this briefing of Prime Cyber Insights, Aaron Cole and Lauren Mitchell analyze a sophisticated phishing technique reported by Malwarebytes that abuses OAuth's built-in error redirects. By using legitimate Microsoft and Google login URLs with specific parameters such as prompt=none, attackers can bypass traditional security filters to deliver malware or harvest credentials without ever compromising the OAuth token itself. We also examine a critical Qualcomm vulnerability affecting Android devices and a now-patched flaw in Google Chrome that allowed extensions to hijack Gemini AI permissions. Director-level leader Chad Thompson joins the discussion to provide a systems-level perspective on enterprise resilience and identity risk in an era of automated attacks.
Topics Covered
- ⚠️ OAuth Redirection: How attackers use legitimate Microsoft and Google URLs to facilitate phishing and malware delivery.
- 📱 Android Security: Google's patch for 129 vulnerabilities, including an actively exploited Qualcomm component bug.
- 🤖 AI Permissions: A resolved Chrome flaw that allowed extensions to hijack camera, microphone, and file access via Gemini.
- 🏢 Enterprise Risk: The Pentagon's recent decision to replace Anthropic AI with OpenAI due to security risk concerns.
- 🔒 Data Privacy: Samsung's settlement over ACR spying and how to disable viewing data collection on smart TVs.
The information provided in this podcast is for educational and informational purposes only and does not constitute professional security advice. Always consult with your internal security team before implementing significant architectural changes.
Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.
