New Google Workspace Security Update Blocks Token Stealing Attacks
Cybersecurity threats are evolving, and Google Workspace is stepping up with a powerful new security feature aimed at stopping one of the fastest-growing types of cyberattacks: cookie theft. The update introduces Device Bound Session Credentials (DBSC), a protection that binds your session cookies directly to your device. If you've ever wondered how hackers manage to bypass two-factor authentication, the answer often lies in stolen tokens—DBSC is Google's latest response to that rising threat.
What Are Token Stealing Attacks and Why Do They Matter?
Token stealing attacks—especially those involving session cookies—let hackers bypass traditional login protections by mimicking your logged-in state on another device. This method recently made headlines when Linus Tech Tips and other YouTube channels were compromised using malware disguised as fake brand offers. These malware strains exfiltrate cookies, giving attackers access to accounts even after users have logged in securely. DBSC tackles this issue by tying the session token to the original login device, rendering the stolen cookie useless elsewhere.
How Google Workspace Is Preventing Cookie Theft
The Google Workspace security update uses DBSC to make session hijacking significantly harder. Once enabled, session credentials won’t work if moved to another system—shutting down the attack vector commonly exploited by info-stealing malware. Currently in beta for Chrome on Windows, DBSC is expected to expand to more platforms soon. Google also notes that tools like Okta and browsers like Microsoft Edge have shown interest in supporting the feature, showing promise for broader industry adoption.
What Workspace Users and Admins Should Do Next
While DBSC adds a strong layer of defense, Google also advises administrators to activate passkeys—a modern alternative to passwords that further secures user access. The company emphasizes the urgency, citing an “exponential rise” in authentication token theft, especially throughout 2025. Whether you’re managing a team or securing your own account, enabling these features will help future-proof your security setup against increasingly sophisticated threats.
Access our platform effortlessly on-the-go through our user-friendly mobile apps.
๐ฆ๐ฒ๐บ๐ฎ๐๐ผ๐ฐ๐ถ๐ฎ๐น ๐ถ๐ ๐๐ต๐ฒ๐ฟ๐ฒ ๐ฟ๐ฒ๐ฎ๐น ๐ฝ๐ฒ๐ผ๐ฝ๐น๐ฒ ๐ฐ๐ผ๐ป๐ป๐ฒ๐ฐ๐, ๐ด๐ฟ๐ผ๐, ๐ฎ๐ป๐ฑ ๐ฏ๐ฒ๐น๐ผ๐ป๐ด. Weโre more than just a social platform โ from jobs and blogs to events and daily chats, we bring people and ideas together in one simple, meaningful space.
