Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Battle Against Cookie-Stealing Malware: Google's New Security Update to Protect Workspace Accounts



Google has announced a new security update aimed at preventing the theft of session cookies, which can be used by hackers to gain unauthorized access to users' accounts. The update, dubbed "Device Bound Session Credentials" (DBSC), is designed to protect Google Workspace accounts from token-stealing attacks. By binding session cookies to the user's device, DBSC makes it more difficult for hackers to exfiltrate cookies that keep users logged into their Workspace accounts.

  • The Google Workspace accounts are now protected against token-stealing attacks through the "Device Bound Session Credentials" (DBSC) update.
  • The DBSC feature binds session cookies to the user's device, making it difficult for hackers to steal them remotely.
  • Google has also introduced passkeys as an additional layer of protection for users, and encouraged Workspace administrators to enable this feature for their employees.
  • The DBSC update is currently rolling out in beta for Chrome users on Windows with the aim of eventually becoming a fully-fledged feature.
  • Google plans to work closely with major browsers and browser vendors to ensure widespread adoption of this new security measure.



  • Google has recently announced a new security update aimed at preventing the theft of session cookies, which can be used by hackers to gain unauthorized access to users' accounts. The update, dubbed "Device Bound Session Credentials" (DBSC), is designed to protect Google Workspace accounts from token-stealing attacks, a type of cybercrime that has been gaining traction in recent years.

    According to Google, the company has seen an exponential rise in cookie and authentication token theft over the past couple of years. This trend has intensified in 2025, with hackers becoming increasingly sophisticated in their attempts to steal sensitive information from unsuspecting users. The DBSC update is intended to make it more difficult for these bad actors to exfiltrate cookies that keep users logged into their Workspace accounts.

    The new feature works by binding session cookies to the user's device, rather than allowing them to be stolen remotely. This means that even if a user downloads information-stealing malware or falls victim to a phishing scam, the cookie will not be accessible to attackers who are trying to steal it. As a result, hackers will find it much more difficult to carry out session token-stealing attacks, which often occur when a victim downloads information-stealing malware.

    Google's DBSC update is part of a broader effort to improve security in Google Workspace accounts. The company has also introduced passkeys as an additional layer of protection for users, and has encouraged Workspace administrators to enable this feature for their employees. Passkeys are essentially cryptographic keys that can be used to access online services, and they provide an extra layer of protection against phishing attacks.

    The DBSC update is currently rolling out in beta for Chrome users on Windows, with the aim of eventually becoming a fully-fledged feature. Google has stated that it plans to work closely with major browsers and browser vendors to ensure the widespread adoption of this new security measure.

    This development comes at a time when many online platforms are struggling to keep up with the latest cyber threats. In recent months, we have seen several high-profile cases of hackers taking over accounts on social media platforms and YouTube channels, often through the use of fake sponsorship offers or malware-infected downloads.

    For example, just last month, a bad actor took over the YouTube channel for Linus Tech Tips, along with two other Linus Media Group accounts, after an employee downloaded a fake sponsorship offer containing cookie-stealing malware. This was not an isolated incident, as hackers have been targeting multiple platforms and websites in recent months.

    The DBSC update is an important step forward in the fight against cybercrime, and it highlights the need for online platforms to prioritize security and protect their users' sensitive information. By introducing this new feature, Google is taking a proactive approach to addressing the growing threat of cookie-stealing malware, and its efforts are likely to have a positive impact on the broader cybersecurity landscape.

    In addition to the DBSC update, Google has also been working closely with major browser vendors and security experts to develop new security measures that can help protect users' online accounts. The company's commitment to improving security is evident in its ongoing efforts to address the growing threat of cookie-stealing malware, and its work on the DBSC update is an important step forward in this effort.

    As we move forward into 2025, it is clear that cybercrime will continue to be a major challenge for online platforms and users alike. However, with the introduction of new security measures like DBSC, Google is taking a proactive approach to addressing these threats and protecting its users' sensitive information. By working closely with browser vendors and security experts, Google is helping to create a safer online environment for all users.

    In conclusion, the DBSC update is an important development in the fight against cybercrime, and it highlights the need for online platforms to prioritize security and protect their users' sensitive information. As we move forward into 2025, it is clear that this technology will play a critical role in helping to prevent cookie-stealing malware attacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Battle-Against-Cookie-Stealing-Malware-Googles-New-Security-Update-to-Protect-Workspace-Accounts-ehn.shtml

  • https://www.theverge.com/news/715117/google-workspace-dbsc-cookie-stealing-attack


  • Published: Tue Jul 29 09:47:03 2025 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us