Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

SquareX Discloses Major Passkey Vulnerability at DEF CON 33

SquareX recently revealed a significant vulnerability in passkey technology at DEF CON 33, highlighting critical security concerns in modern authentication methods. This vulnerability could potentially allow attackers to bypass security measures, putting user data at risk. The disclosure underscores the importance of rigorous security assessments and continuous improvements in authentication protocols to safeguard digital identities. As passkeys gain popularity as a replacement for traditional passwords, understanding and mitigating such vulnerabilities is crucial for both developers and users. This article delves into the details of the vulnerability, its implications for cybersecurity, and the steps needed to enhance passkey security moving forward. At DEF CON 33, SquareX's security researchers presented their findings on a major flaw affecting passkey implementations. Passkeys, designed to offer a more secure and user-friendly alternative to passwords, rely on cryptographic keys stored on devices. However, the discovered vulnerability exposes weaknesses that could be exploited by threat actors to gain unauthorized access. This revelation serves as a wake-up call for the cybersecurity community to prioritize the robustness of passkey systems. The impact of this vulnerability extends beyond individual users to organizations adopting passkey technology for authentication. Attackers exploiting this flaw could compromise sensitive information, leading to data breaches and financial losses. Therefore, it is imperative for companies to stay informed about such vulnerabilities and implement recommended security patches promptly. Collaboration between security researchers, developers, and industry stakeholders is essential to fortify passkey security and maintain trust in emerging authentication technologies. In conclusion, the SquareX disclosure at DEF CON 33 highlights a pivotal moment in the evolution of authentication security. While passkeys represent a promising advancement, this vulnerability emphasizes the need for ongoing vigilance and proactive security measures. By addressing these challenges head-on, the cybersecurity community can ensure that passkeys fulfill their potential as a secure and convenient authentication solution.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 28 Aug 2025 14:15:38 +0000

Cyber News related to SquareX Discloses Major Passkey Vulnerability at DEF CON 33

SquareX Discloses Major Passkey Vulnerability at DEF CON 33 - SquareX recently revealed a significant vulnerability in passkey technology at DEF CON 33, highlighting critical security concerns in modern authentication methods. This vulnerability could potentially allow attackers to bypass security measures, ...
1 week ago Cybersecuritynews.com

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions - Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data ...
4 months ago Cybersecuritynews.com

SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension - Password Managers, Wallets at Risk - In addition to the polymorphic attack, SquareX was also the first to discover and disclose multiple extension-based attacks, including Browser Syncjacking, the Chrome Store consent phishing attack leading to Cyberhaven’s breach and numerous other ...
5 months ago Cybersecuritynews.com

Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication - While online accounts are increasingly protected by passkey technology, it turns out that many banking, e-commerce, social media, website domain name administration, software development platforms, cloud accounts, and more can still be compromised ...
1 year ago Darkreading.com

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk - As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of ...
5 months ago Cybersecuritynews.com

SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are - SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest link that enterprisesecurity teams need to look out for. Moreimportantly, employees using Browser AI Agents ...
2 months ago Cybersecuritynews.com

Getting Started With Passkeys, One Service at a Time - In addition to the major three technology firms supporting passkeys - Apple, Google and Microsoft - third-party password providers, such as 1Password and Bitwarden, implemented their own support for managing the credentials. Overall, more than 7 ...
1 year ago Darkreading.com

Malicious Chrome extensions can spoof password managers in new attack - In SquareX's demonstration, the attackers impersonate the 1Password password manager extension by first disabling the legitimate one using the 'chrome.management' API, or if the permissions aren't available, user interface manipulation tactics to ...
5 months ago Bleepingcomputer.com

Stytch offers toolkit for developers to build, implement, and customize passkey-based authentication - Stytch announced its Passkeys offering, giving developers the easiest way to build, customize and maintain passkey-based authentication in their applications. Stytch's new solution offers a flexible, API-first approach to passkeys that abstracts the ...
1 year ago Helpnetsecurity.com

How to Use Titan Security Keys With Passkey Support - Google's updated Titan Security Keys can serve as a multifactor authenticator and store passkeys to replace passwords. Google announced the availability of Titan Security Keys with passkey support in mid-November 2023; the initial Titan Security Keys ...
1 year ago Techrepublic.com

How To Start Using Passkeys? - To embark on this journey of enhanced protection, the initial step is to comprehend the essence of passkeys and their pivotal role in safeguarding your digital assets. The process kicks off with selecting a robust and unique passkey that serves as ...
1 year ago Hackersonlineclub.com

15 Billion User Gain Passwordless Access to Microsoft Account Using Passkeys - As the first-ever World Passkey Day replaces the traditional World Password Day, Microsoft joins the FIDO Alliance in celebrating a milestone achievement: over 15 billion online accounts now have access to passwordless authentication through ...
4 months ago Cybersecuritynews.com

Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
11 months ago Cybersecurity-insiders.com

X Launches Secure Login with Passkey for iOS Users in US - X is set to allow users to login in with a passkey rather than a password, but only on iOS devices. X earlier announced its intention to roll out passwordless technology, and it has now made the option available to iPhone customers. It enables a ...
1 year ago Cysecurity.news

WebAuthn Conditional UI - Despite its recent introduction and ongoing adoption by browsers, there's a noticeable gap in technical documentation and implementation advice for Conditional UI. This article aims to bridge that gap by explaining what Conditional UI is, how it ...
1 year ago Feeds.dzone.com

Bitwarden: how to create and use Passkeys to sign in - They can use a master password and improve security by adding a two-factor authentication option to the process. A private part of it never leaves the device, which means that all standard password attacks don't work against passkeys. I used the ...
1 year ago Ghacks.net

New Developer Tools Are Necessary to Boost Passkey Adoption - The password-less technology known as passkeys are esoteric, far from widely adopted, and confusing for consumers. Based on the WebAuthn standard created by the World Wide Web Consortium and the FIDO Alliance - and jointly supported by Apple, Google, ...
1 year ago Darkreading.com

DEF CON is canceled! No, really this time, but it's back on The Register - It's an annual meme that DEF CON infosec conference has been canceled, but this time it actually happened. The world's largest hacking conference, held since 1993 and lately drawing in as many as 30,000 attendees, has been held in venues owned by the ...
1 year ago Go.theregister.com

New Bluetooth Vulnerability Leak, Your Passcode to Hackers During Pairing - The vulnerability, CVE-2020-26558, is found in devices supporting the Passkey Entry association model in various Bluetooth Core Specifications, ranging from version 2.1 to 5.4. It affects BR/EDR Secure Simple Pairing and LE Secure Connections Pairing ...
11 months ago Gbhackers.com CVE-2020-26558

New Bluetooth Vulnerability Leak Your Passcode to Hackers During Pairing - To mitigate this risk, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if a peer’s public key X coordinate matches that of the local device, except when a debug key is used. This vulnerability, known as ...
11 months ago Cybersecuritynews.com CVE-2020-26558

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2020-26558 - Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public ...
2 years ago

CVE-2022-25836 - Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing ...
2 years ago