Kaspersky reports ToddyCat’s Umbrij abuses headless Chromium and OAuth flows to extract Gmail authorization codes, enabling ...
Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.