One click and goodbye to your passwords: the vulnerability that affects the browser extensions of several password managers

We trust our password managers as if they were digital safes. But, according to researcher Marek Tóth, visiting the wrong website and clicking in the wrong place is enough to put that armor at risk. The technique he presented at DEF CON 33 does not target the desktop applications but the browser extensions we use every day. In his tests, he shows that this gesture can trigger credential theft without the user noticing.

The research, made public at one of the main international computer security conferences, documents how eleven password manager extensions could be manipulated into leaking data. Tóth states that he notified the vendors in April 2025 and that by mid-August several still had no fix. The study includes practical tests, demonstration websites built to show the flaw, and an estimate of its reach: around 40 million potentially exposed active installations.

How the attack works and why it affects you

The technique described by Tóth relies on hiding the elements that the extensions inject into the page so that the user interacts with them without seeing them. With minimal changes to opacity, or by overlaying other elements, the attacker gets autofill to trigger in the background. There are several ways to achieve this: styling the extension's root element, altering the entire body of the site, or overlap-based variants.

The most delicate scenario does not even require a trap website: it is enough to take advantage of a legitimate page that has a security flaw. In those cases, he explains, the attacker can capture login credentials. The risk grows because many managers fill credentials not only on the original domain but also on its subdomains, which widens the attack surface without the user noticing.

According to data published by Tóth and compiled by Socket on August 19, 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass and LogMeOnce were still listed as vulnerable.
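What "hiding the extension's elements" looks like from the extension's side, and why inspecting only the injected element is not enough, as an added example that is not code from Tóth's research or from any password manager: the function walks from the extension's injected root element up to the document root and decides whether the element is actually perceivable, multiplying the element's own opacity by every ancestor's. Because it runs outside a browser, the elements are a constructed minimal model (an object with `style` and `parentNode`); in a real content script the same walk would read `getComputedStyle(node)` and `node.parentElement`. The element name `pm-autofill-root` and the 0.1 opacity threshold are assumptions for the example.

```javascript
// Added example: a "can the user actually see my UI?" check that a password
// manager extension could run before acting on a click on its injected dropdown.
// Not from Tóth's research or any vendor's code. Node has no DOM, so elements
// are a constructed minimal model with the two properties the walk needs:
// `style` (standing in for getComputedStyle(node)) and `parentNode`.

const MIN_VISIBLE_OPACITY = 0.1; // assumption: below this, treat the UI as hidden

function makeEl(name, style = {}, parentNode = null) {
  return {
    name,
    style: { opacity: "1", visibility: "visible", display: "block", ...style },
    parentNode,
  };
}

// Walk from `el` to the root. Opacity is not inherited in CSS, but it composites:
// a child inside an opacity:0 parent is invisible even though its own computed
// opacity is 1. display:none on any ancestor removes the whole subtree.
// visibility is already resolved by the computed style, so only `el`'s own value matters.
function effectiveVisibility(el) {
  if (el.style.visibility === "hidden") {
    return { visible: false, reason: `${el.name}: visibility:hidden` };
  }
  let opacity = 1;
  for (let node = el; node; node = node.parentNode) {
    if (node.style.display === "none") {
      return { visible: false, reason: `${node.name}: display:none` };
    }
    opacity *= parseFloat(node.style.opacity);
    if (opacity < MIN_VISIBLE_OPACITY) {
      return { visible: false, reason: `${node.name}: effective opacity ${opacity}` };
    }
  }
  return { visible: true, reason: "no hiding style on element or ancestors" };
}

// Naive check that inspects only the injected element's own style.
function naiveVisible(el) {
  return parseFloat(el.style.opacity) >= MIN_VISIBLE_OPACITY &&
    el.style.visibility !== "hidden" && el.style.display !== "none";
}

// Three constructed page states matching the variants described in the article.
function scenarios() {
  // Honest page: nothing is hidden.
  const body1 = makeEl("body");
  const ext1 = makeEl("pm-autofill-root", {}, body1);

  // Variant 1: the page styles the extension's root element transparent.
  const body2 = makeEl("body");
  const ext2 = makeEl("pm-autofill-root", { opacity: "0" }, body2);

  // Variant 2: the page makes its whole <body> transparent. The extension root
  // still reports opacity 1, so the naive check passes while the user sees nothing.
  const body3 = makeEl("body", { opacity: "0" });
  const ext3 = makeEl("pm-autofill-root", {}, body3);

  return {
    honest: effectiveVisibility(ext1),
    rootHidden: effectiveVisibility(ext2),
    bodyHidden: effectiveVisibility(ext3),
    naiveSaysBodyHiddenIsVisible: naiveVisible(ext3),
  };
}

console.log(JSON.stringify(scenarios(), null, 2));
```

The overlap variant the article also mentions (an opaque element positioned on top of the dropdown) is invisible to a style walk like this one; in a browser the complementary check is `document.elementFromPoint(x, y)` over the dropdown's bounding box, which returns the topmost element at each point and should be the extension's own UI. Both checks are mitigations the extension, not the user, has to implement.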
On August 20, Socket updated its report: Bitwarden had shipped version 2025.8.0 with a patch, pending rollout to the extensions. Among the managers that had already applied fixes are NordPass, Dashlane, Keeper, Proton Pass and RoboForm. Naturally, this list can change at any time if other companies publish fixes after the disclosure.

Image: a password manager extension for the browser

The vendors' reactions were uneven. Socket notes that 1Password and LastPass classified the finding as "informative", a category that usually means no immediate changes. Bitwarden, Enpass and Apple (iCloud Passwords) confirmed that they are working on updates, while LogMeOnce did not respond to contact attempts. Some companies acknowledged a risk but attributed it to vulnerabilities in the sites visited, external to their own products.

While developers decide how to act, Tóth and the Socket team agree that there are practical measures to reduce exposure. One of the most effective is to disable autofill and fall back to manual copy and paste. It is also recommended to configure autofill to trigger only on exact URL matches, so that it does not fire on subdomains. In Chromium-based browsers, the extension's site access can be restricted to "on click", so that the user explicitly authorizes each use.

Image: the researcher shows how invisible elements can be overlaid on the page to trick the user into triggering the password manager without realizing it

Not everything is as immediate as one click and losing everything. For the attack to succeed, the password manager must be unlocked, the browser must not have been restarted since, and the user must interact at the right moment. In addition, the analysis covered only eleven extensions. There is no evidence that every solution on the market is vulnerable, although the researcher warns that the pattern can repeat in other kinds of extensions.
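The subdomain point and the "exact URL match" mitigation, as an added example that is not any manager's code: an autofill decision function under the two policies the article contrasts, run over the same set of pages. The saved login, the page URLs and the two-label base-domain rule are constructed for the example; real managers consult the Public Suffix List to find the registrable domain (so that `co.uk` is not treated as one site), and the HTTPS-only rule is an extra hardening assumption, not something the article states.

```javascript
// Added example (not code from any password manager): how a URL-matching policy
// decides whether a saved login may be autofilled on the current page.
// All inputs below are constructed for the example.

const SAVED_LOGIN = { url: "https://login.example.com/signin", username: "alice" };

// Assumption: "registrable domain" = last two labels. Real managers consult the
// Public Suffix List so that e.g. "co.uk" or "github.io" are not treated as one site.
function baseDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// policy "exact": hostname must match the saved entry exactly.
// policy "base-domain": any subdomain of the saved entry's registrable domain
// (the behaviour the article says widens the attack surface).
function shouldAutofill(pageUrl, savedUrl, policy) {
  const page = new URL(pageUrl);
  const saved = new URL(savedUrl);
  if (page.protocol !== "https:") return false; // assumption: never fill over plaintext HTTP
  switch (policy) {
    case "exact":
      return page.hostname === saved.hostname;
    case "base-domain":
      return baseDomain(page.hostname) === baseDomain(saved.hostname);
    default:
      throw new Error(`unknown policy: ${policy}`);
  }
}

// Compare both policies over the same constructed pages.
function comparePolicies() {
  const pages = [
    "https://login.example.com/signin",        // the site the login was saved on
    "https://blog.example.com/post/42",        // a sibling subdomain that could host a flawed page
    "https://example.com.attacker.test/login", // lookalike: different registrable domain
    "http://login.example.com/signin",         // right host, plaintext transport
  ];
  const out = {};
  for (const url of pages) {
    out[url] = {
      exact: shouldAutofill(url, SAVED_LOGIN.url, "exact"),
      baseDomain: shouldAutofill(url, SAVED_LOGIN.url, "base-domain"),
    };
  }
  return out;
}

console.table(comparePolicies());
```

The row that matters is the sibling subdomain: under "base-domain" the credential saved for `login.example.com` is offered on `blog.example.com`, so a flaw anywhere under `example.com` becomes a credential-theft foothold; under "exact" it is not. The lookalike host is rejected under both policies, which is why subdomain matching, not phishing domains, is the concern the article raises.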
The weak point is in the DOM, the internal structure websites use to organize buttons, forms and menus. Password managers insert their elements there, and if a malicious page manages to move, hide or force them, the user can end up clicking on them without realizing it. The same risk extends to other extensions, such as cryptocurrency wallets or note-taking applications.

This company was 158 years old and had 700 employees. A weak password and a click were enough to drive it into bankruptcy

Imagine that you work at a logistics company, one of those that manage the entire process of getting a product from one point to another, like the ones that deliver our Amazon orders, and that from one moment to the next every system the business needs stops working because of a cyberattack. What would happen? If the systems do not come back, it would probably be only a matter of time before the company paid the price. Of course, such a scenario should be guarded against with cybersecurity measures, protocols, backups and so on. But let's be honest: not everyone is as prepared as they should be to face security threats, even when those threats can severely damage or destroy a business. This is what apparently happened to a British business group called KNP, which operated 500 trucks under several companies, including one called Knights of Old.

When cybersecurity fails, the business can sink

KNP's CEO, Paul Abbott, told the BBC in an interview that a group of cybercriminals is believed to have got into the systems by guessing one employee's password. What the group, apparently called Akira, then did was encrypt the data with ransomware. "If you are reading this, it means that your company's internal infrastructure is totally or partially dead...", read part of the ransom note, which, curiously, did not state a specific ransom figure. That may seem unusual, but it is also somewhat understandable. Some cybercriminal groups even run their own support channels where they talk and negotiate with their victims. Remember that the end goal is usually to make money, so we rarely see a ransom set so high that the victim cannot pay, but it will be high enough for the operation to turn a profit.
How much the cybercriminals asked for was never disclosed, but it is known that, according to the company, they did not have the money to pay the ransom. The British broadcaster cites specialists' estimates of around 5 million pounds (about 5.7 million euros), an amount that, they note, was beyond the company's means. It is not clear whether the firm kept negotiating with the group, but it explains that by the end of 2023 the data "were lost" and the company soon declared bankruptcy. Most employees were laid off (about 730); only 170, from one of the companies, Nelson Distribution, based in Derby, kept their jobs, and that company was sold. This was the sad end for a firm more than 150 years old.

After reading this, many questions probably come to mind, for example about the preventive and mitigation measures mentioned at the beginning. According to management, KNP complied with industry standards and had cyber insurance. Apparently none of that was enough. Nor do we know whether the company was already dragging some earlier problem along and the cyberattack simply made everything worse.

It is not an isolated case. Qualysec warns that 60% of small businesses that suffer a cyberattack end up closing within the following six months for lack of resources to recover. A 2020 Verizon report already underlined the same figure, highlighting the financial damage, reputational loss, customer distrust and operational chaos an attack leaves behind.
