Several of the best password managers have been found to be vulnerable to a flaw that lets hackers pull off clickjacking attacks. Researcher Marek Tóth recently demonstrated how the bug allows attackers to overlay invisible HTML elements over an interface so that users think they’re clicking on a standard popup but instead, they're actually unknowingly leaking sensitive information like account credentials, 2FA codes or credit card details.

Bleeping Computer reported on Tóth’s findings, which the researcher showed off during the August DEF CON 33 conference. A threat actor can exploit this flaw when a victim visits a malicious website vulnerable to cross-site scripting or cache poisoning, which is where the invisible overlay occurs. The hacker only needs to create a fake site and ensure t

See Full Page