New Phishing Technique – Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault

News
Yanac

I’ve been hard at work on a NEW phishing technique I’m excited to share. I’m calling it “Vaultjacking” and the impact is honestly a bit sobering. In my blog I demonstrate how a single AiTM landing page can spoof your Google passkey/password manager PIN and use that to access ALL of a victim’s third-party credentials (yes, including passkeys). A simple phish on one site can lead to a total compromise of all Chrome-saved credentials. submitted by /u/phishullc [link] [comments]Technical Information Security Content & DiscussionRead More