Account Takeover Attack on X via OAuth Impersonation
twitter.comThis is scary.
The url says www.calender.google.com - typo - calender instead of calendar - but still google.com.
If the TLD is legit, how can anyone figure out this is a suspicious app?
Even a legitimate app asking for full-access to an account shouldn’t be approved by X.