

Are Your Passwords Safe From This New Exploit?
Aug 25, 2025
A new vulnerability threatens nearly all major password managers, raising alarm about user security. The episode discusses recent data breaches and their impact on organizations, and questions the effectiveness of employee training against phishing attacks. It also covers privacy challenges, including FCC fines against telecom giants for data sharing. Lastly, it showcases tech innovations such as Firefox's updates and a new zero-knowledge photo management app that prioritizes user consent and privacy.
AI Snips
Host Recommends A Private Photo App
- Henry describes Ente as a zero-knowledge, end-to-end encrypted Google Photos alternative he recommends.
- He highlights features like on-device AI, opt-in facial recognition, self-hosting, and a free 10 GB plan.
Password Managers Share A Common Risk
- Many browser-based password managers are vulnerable to a clickjacking-style attack that triggers autofill to leak credentials.
- Some vendors patched quickly while others called it out-of-scope, revealing inconsistent vendor risk assessments.
Invisible Overlays Trick Autofill Menus
- The attack overlays invisible HTML elements to capture clicks that trigger autofill menus without users noticing.
- This relies on opacity settings, pointer-events tricks, and fake UI such as cookie banners to hide the real autofill controls.