All news with #clickjacking tag

Click Studios Patches Passwordstate Authentication Bypass

🔒 Click Studios released Passwordstate 9.9 (Build 9972) on August 28, 2025, to remediate a high-severity authentication bypass that could be triggered via a carefully crafted URL against the product's Emergency Access page. The update also introduces enhanced safeguards in the web interface and browser extension to mitigate DOM-based clickjacking attacks. The company noted that no CVE has been assigned yet and emphasized that customers should apply the update promptly. Passwordstate is used by thousands of organizations globally, increasing the urgency of patching.

Password Manager Auto-Fill Flaw, Quantum Risks, Devices

🔒 In this edition of the Smashing Security podcast Graham Cluley and guest Thom Langford examine how some password managers can be tricked into auto-filling secrets into cookie banners via a clickjacking sleight-of-hand. They discuss practical defenses for website owners and hardening steps for users to protect their personal vaults. The episode also covers post-quantum concerns—"harvest-now, decrypt-later"—Microsoft’s 2033 quantum-safe commitment, and device update risks including printers, plus lighter segments like a dodgy URL "shadyfier" and repurposing an iMac G4 as a media hub.