Security firm Proofpoint discloses a mechanism by which Google Apps Scripts can be used to deliver malware.

A vulnerability in Google Apps Script could have allowed attackers to use Google Drive as a means of discreetly delivering malware to unsuspecting victims. Google Apps Script is a JavaScript-based ...

Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools.

Threat actors have been seen abusing Google Apps Script to launch convincing phishing attacks and steal people’s Microsoft 365 login details.