Passkey Pwned attack: How to secure against it

SquareX researchers recently disclosed a critical vulnerability in passkey security. Our team demonstrated how malicious browser extensions can intercept passkey authentication flows, enabling attackers to access enterprise accounts without legitimate devices or biometrics. This research challenges the fundamental assumption that passkeys are unbreakable, proving that browser-based attacks can compromise even the most advanced authentication methods. Read SC Media's coverage of our findings: https://hubs.la/Q03GDTyz0 #cybersecurity #browsersecurity #enterprisesecurity

Walking through Network Attacks in IT Security (under the Google IT Support course), I can honestly say that an attack on the network has to be one of the craziest forms of attacks in IT. The fact that a network is the route of transport for all our data. If that route is compromised, every stop along the way becomes vulnerable. That's wild. One example that hit hard is the DNS cache poisoning attack that hit Brazilian ISPs back in 2011, where millions of users were silently redirected to fake sites, from search engines to banking platforms, simply because attackers poisoned DNS resolvers and even home routers, which resulted into phishing, malware downloads, stolen credentials… all at scale. Going through this, one lesson is clear that securing the transport route is just as important as securing the destination. Given that, when a network is vulnerable, it doesn't just affect one system, it can disrupt an entire organization or even millions of users at once. #ITSecurity #NetworkSecurity #DNS #CyberSecurity #ITSUPPORT #ITExperience

🔐 Information Security Insights from Technokain 𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴 𝗣𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗔𝘁𝘁𝗮𝗰𝗸𝘀: 𝗛𝗼𝘄 𝘁𝗼 𝗜𝗱𝗲𝗻𝘁𝗶𝗳𝘆 𝗮𝗻𝗱 𝗣𝗿𝗼𝘁𝗲𝗰𝘁 𝗔𝗴𝗮𝗶𝗻𝘀𝘁 𝗧𝗵𝗲𝗺 IntroductionPhishing attacks are a prevalent form of social engineering used to deceitfully obtain sensitive information such as login credentials and credit card numbers. 🔗 Read more: https://lnkd.in/g7bB8RRn #CyberSecurity #InfoSec #DataProtection #SecurityAwareness #Technokain

🔔Malware Activity Warning: Recent cybersecurity developments reveal an increase in the scale and sophistication of cyberattacks, highlighted by DDoS-Guard's defense against a record-breaking attack and the discovery of new malware strains like CHILLYHELL and ZynorRAT. These incidents underscore the need for robust, adaptive defenses as state-sponsored and criminal actors continue to deploy massive DDoS campaigns and advanced malware to disrupt operations and compromise digital assets. 🔎 Learn more about the latest malware strains and attack methodologies so you can protect your organization: Stay informed on threat actor activities in today's Cyber Flash Update: https://ankura.co/4n5ZleM #TechNews #CyberCrime #DataProtection

At DEF CON 33, we disclosed a major passkey vulnerability that challenges the security assumptions of what many considered unbreakable authentication. The Passkey Pwned attack exploits the browser as the primary interface for passkey authentication. Malicious extensions and XSS attacks can inject scripts that intercept WebAuthn API calls, generating attacker-controlled key pairs while users remain unaware of the compromise. Since the browser is where passkey authentication occurs, traditional security tools can't provide adequate protection. The solution requires browser-native security that can inspect and block malicious scripts at their source - preventing attackers from compromising registration and authentication flows. SquareX's Browser Detection and Response solution addresses this by blocking extensions that inject these malicious scripts before they can compromise passkey flows. Learn more: https://hubs.la/Q03G8hhG0 #cybersecurity #browsersecurity #enterprisesecurity

The Passkey Pwned attack exploits a critical architectural flaw - there's no secure communication channel between the authenticator and service provider. Both endpoints rely entirely on the browser as a mediator, and all trust ultimately rests on the browser. Watch how a malicious extension intercepts passkey registration and authentication flows, and generates fake keys while users see normal biometric prompts - https://hubs.la/Q03G8dhy0 Complete account compromise happens silently in the background. Traditional security tools like EDR and SASE/SSE lack the necessary visibility in the browser to detect these exploits. From a user perspective, the attack is identical to a legitimate passkey workflow - there's zero visual indicator that can verify the legitimacy of the authentication. Learn more about the attack: https://hubs.la/Q03G8dgD0 #cybersecurity #browsersecurity #enterprisesecurity

Browser Isolation: A Simple Step for Safer Browsing Did you know using separate browsers for sensitive tasks like online banking and casual browsing can significantly reduce your risk of malware attacks? At Gravity Innovision Solutions, we believe small habits can build strong cyber resilience. Protect your sensitive logins by keeping your digital worlds apart. #CyberSecurity #BrowserIsolation #StaySecure #DigitalSafety #GravityInnovision #TechTipTuesday

What is application security, and how can you make it an efficient gatekeeper for cyber defence? Although the best defence would be to close all gates and prevent anything from entering your estate, modern businesses require digital communication in various forms. Application security is your first line of defence, filtering traffic to block threats whilst allowing legitimate traffic through. SCG’s application security utilises the very latest technology to protect your organisation with the highest level of security without compromising the performance of your business. #BeMoreSecure with SCG- set up a call with us now https://lnkd.in/ev8QmdRB #SCG #SCGCorporate #Cybersecurity #ApplicationSecurity

Application security isn’t just about blocking threats, it’s about letting the right traffic through. In a connected world, shutting everything out isn’t an option. That’s why SCG’s application security acts as a smart gatekeeper, protecting your business without slowing it down. If you're thinking about tightening your cyber defences, this is a great place to start. 🔒 #BeMoreSecure with SCG – book a call: https://lnkd.in/ev8QmdRB #SCG #SCGCorporate #Cybersecurity #ApplicationSecurity

Passwords have protected our digital lives for decades, but they’re no longer enough. With rising cyber threats and the demand for convenience, the shift toward passwordless authentication is accelerating. From biometrics and passkeys to FIDO2 standards, organizations are reimagining security with solutions that are faster, safer, and user-friendly. Explore why passwords are fading away and what a passwordless future means for businesses and individuals. Read below to know more..... https://lnkd.in/gCu8SupG #Cybersecurity #Passwordless #DigitalIdentity #FIDO2 #FutureOfSecurity