Passkeys were rapidly adopted as the authentication gold standard. With 15 billion enabled accounts and 550% growth in usage this year, enterprises worldwide adopted passkeys as the primary way to authenticate access to enterprise SaaS apps. On the DEF CON 33 main stage, SquareX

After three decades in cybersecurity, Patrick Benoit has watched organizations make the same fundamental mistakes repeatedly. As President and Virtual CISO of Cyber Risk Insights, he's protected everything from global enterprises like Brink's across 53 countries to small

Why do security programs consistently fail to get developer buy-in? Clea Ostendorf, co-founder of Wolfpack Security, has seen this challenge firsthand in her journey from sales to building a security consultancy. Speaking with @JohnCarse on the Be Fearless Podcast, Clea reveals

Apple, Google, and Microsoft have driven widespread passkey adoption over the past three years, positioning them as the secure alternative to passwords. But what happens when that security assumption breaks?. In our webinar, Shourya Pratap Singh (@shouryaps) will walk you through

RT @opsmatters_uk: #SquareX disclose major passkey vulnerability at #DEFCON33 main stage that puts major banking, shopping and enterprise #….

RT @Cyber_O51NT: A recent report from SquareX Ltd. reveals that passkeys, a popular alternative to passwords, can be hijacked via malicious….

RT @techintelpro: @getsquarex reveals a major passkey vulnerability at #DEFCON33. Founder Vivek Ramachandran warns: without a browser secur….

RT @toptechcyber: A significant vulnerability affecting passkey authentication, widely regarded as a secure passwordless method, has been d….

RT @SiliconANGLE: New research shows passkeys can be hijacked through malicious extensions

RT @duncanriley: New research shows passkeys can be hijacked through malicious extensions via @SiliconANGLE.

Passkeys were designed to eliminate authentication vulnerabilities through cryptographic security and device-based verification. The Passkey Pwned attack changes everything. Malicious browser extensions can intercept passkey registration and authentication flows, allowing

With 15 billion accounts being passkey-enabled today, enterprises worldwide have been rapidly adopting passkeys as the primary way to authenticate access to enterprise SaaS apps. But our @DEFCON 33 research proves this trust may be misplaced. SquareX has broken the myth that

What does it take to secure one of the world's most well-known pizza brands? . In this episode with Aleksandra Melnikova, Stephen Bennett, Global CISO at @Dominos Pizza, discusses the unique cybersecurity challenges he faces - from credential stuffing attacks to managing security

The myth that passkeys cannot be stolen has been broken. Our research team disclosed how attackers can exploit the browser's role as a trusted mediator in passkey authentication, intercepting communication between authenticator and server through malicious extensions.

Our @DEFCON 33 passkey vulnerability research demonstrates how malicious browser extensions can intercept WebAuthn calls to fake passkey registration and authentication, enabling attackers to access enterprise SaaS apps without legitimate devices or biometrics. Covered by Zak

Breaking the passkey promise wasn't supposed to be this easy. At DEFCON 33, our research team disclosed a major passkey vulnerability that allows attackers to fake passkey registration and authentication through malicious browser extensions, enabling full access to enterprise

Over the past several months, Google Cloud Threat Intelligence has been tracking a campaign abusing @Salesforce integrations that has caused a wave of breaches affecting prominent companies worldwide such as Adidas, Dior, and Google itself, with the latest disclosure coming from

@SiliconANGLE Learn more about the 2025 TechForward Awards:

We're honored to announce that SquareX has been named a @SiliconANGLE Award: 2025 TechForward Award Finalist in the Security Tech - Real-Time Threat Mitigation Category!. This recognition validates our pioneering work in Browser Detection & Response, addressing the critical

A sophisticated OAuth attack campaign targeting @Salesforce integrations has already breached major companies like Adidas, Dior, Google, and Workday. Unlike traditional phishing attacks, these threat actors exploit trusted OAuth mechanisms to gain access to Salesforce data via