Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.

Microsoft's Teams stores auth tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization.

Microsoft's Teams client stores users' authentication tokens in an unprotected text format, potentially allowing attackers with local access to post messages and move laterally through an ...