Attackers find ways to bypass synced passkeys
If you’re thinking about using synced passkeys for your organization, you might want to hit the brakes. A recent piece from The Hacker News reveals that these synced passkeys come with a hefty risk. They’re tied to your cloud accounts and recovery processes, making them vulnerable to attacks. Hackers can use adversary-in-the-middle kits to bypass strong authentication, which is pretty alarming.
But it gets worse. Malicious browser extensions can hijack your WebAuthn requests, messing with passkey sign-ins and even leaking your credentials and one-time codes. The takeaway? If you want to keep your company’s data safe, consider switching to device-bound passkeys, like those offered by hardware security keys. They provide better security and control, which is crucial for any enterprise looking to protect its digital assets. So, if you’re in charge of cybersecurity, now might be a good time to rethink those synced passkeys.
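One way a relying party can enforce the device-bound recommendation above is to check the backup flags that WebAuthn authenticators report in their authenticator data. This is an added example, not code from the original article: the function names, the `login.example.test` relying party ID and the sample bytes are constructed, and it assumes the assertion signature over this data has already been verified.

```javascript
const { createHash } = require("node:crypto");

// Bits of the flags byte in WebAuthn authenticator data (Level 3).
const FLAGS = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10 };

// Fixed header: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
function parseAuthenticatorData(authData) {
  if (!Buffer.isBuffer(authData) || authData.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const flags = authData[32];
  return {
    rpIdHash: authData.subarray(0, 32),
    signCount: authData.readUInt32BE(33),
    userPresent: (flags & FLAGS.UP) !== 0,
    userVerified: (flags & FLAGS.UV) !== 0,
    backupEligible: (flags & FLAGS.BE) !== 0, // credential may be synced
    backedUp: (flags & FLAGS.BS) !== 0,       // credential is currently synced
  };
}

// Policy: accept only user-verified assertions from credentials that cannot be synced.
function checkDeviceBoundPolicy(authData, expectedRpId) {
  const d = parseAuthenticatorData(authData);
  const expected = createHash("sha256").update(expectedRpId).digest();
  if (!d.rpIdHash.equals(expected)) return { ok: false, reason: "rp-id-mismatch" };
  if (!d.userPresent || !d.userVerified) return { ok: false, reason: "user-not-verified" };
  // BS without BE is not a valid combination; treat it as malformed.
  if (d.backedUp && !d.backupEligible) return { ok: false, reason: "invalid-backup-flags" };
  if (d.backupEligible) {
    return { ok: false, reason: d.backedUp ? "synced-credential" : "sync-capable-credential" };
  }
  return { ok: true, reason: "device-bound" };
}

// Constructed sample input: a 37-byte header with the chosen flags.
function buildSample(rpId, flags, signCount = 1) {
  const buf = Buffer.alloc(37);
  createHash("sha256").update(rpId).digest().copy(buf, 0);
  buf[32] = flags;
  buf.writeUInt32BE(signCount, 33);
  return buf;
}

const rpId = "login.example.test"; // constructed relying party ID
console.log(checkDeviceBoundPolicy(buildSample(rpId, 0x05), rpId)); // UP|UV
console.log(checkDeviceBoundPolicy(buildSample(rpId, 0x1d), rpId)); // UP|UV|BE|BS
```

The flags are reported by the authenticator itself, so pairing this check with attestation at registration gives stronger assurance about what kind of authenticator holds the key.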