<ciso brief />

All news with #clickjacking tag

2 articles

Click Studios Patches Passwordstate Authentication Bypass

🔒 Click Studios released Passwordstate 9.9 (Build 9972) on August 28, 2025, to remediate a high-severity authentication bypass that could be triggered via a carefully crafted URL against the product's Emergency Access page. The update also introduces enhanced safeguards in the web interface and browser extension to mitigate DOM-based clickjacking attacks. The company noted that no CVE has been assigned yet and emphasized that customers should apply the update promptly. Passwordstate is used by thousands of organizations globally, increasing the urgency of patching.

Weekly Recap: Password Manager Clickjacking Flaws and Threats

🔒 This week's recap spotlights a DOM-based extension clickjacking technique disclosed by researcher Marek Tóth at DEF CON that affects popular browser password manager plugins. Vendors including Bitwarden, Dashlane, Enpass, KeePassXC-Browser, Keeper, LastPass, NordPass, ProtonPass, and RoboForm issued fixes by August 22. Other leading stories cover legacy Cisco devices exploited for persistent access, an actively exploited Apple 0-day in ImageIO, cloud intrusions leveraging trusted partner relationships, and several high-risk CVEs to prioritize.