Google is making it dramatically easier to sign in to apps without OTP or link hassles

Google now lets Android apps verify your email in one tap, no OTP codes and no inbox hunting. Here's how the new Credential Manager API works.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.