
Password Managers Leak Data in New Clickjacking Attack
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
A new study warns that millions of password manager users could be vulnerable to a dangerous browser exploit called “DOM-based Extension Clickjacking.”
In a rush? Here are the quick facts:
- Attackers can trick users into autofilling data with one fake click.
- Leaked data includes credit cards, login credentials, and even two-factor codes.
- 32.7 million users remain exposed as some vendors haven’t patched flaws.
The researcher behind the findings explained: “Clickjacking is still a security threat, but it’s necessary to shift from web applications to browser extensions, which are more popular nowadays (password managers, crypto wallets and others).”
The attack works by deceiving users into clicking on fake elements, such as cookie banners and captcha pop-ups, while an invisible script secretly triggers the password manager’s autofill function. The researcher explains that attackers need only one click to steal sensitive information.
“A single click anywhere on an attacker controlled website could allow attackers to steal users’ data (credit card details, personal data, login credentials including TOTP),” the report states.
The researcher tested 11 popular password managers, including 1Password, Bitwarden, Dashlane, Keeper, LastPass, and iCloud Passwords. The results were alarming: “All were vulnerable to ‘DOM-based Extension Clickjacking’. Tens of millions of users could be at risk (~40 million active installations).”
The tests revealed that six password managers out of nine exposed credit card details, while eight managers out of ten leaked personal information. Furthermore, ten out of eleven allowed attackers to steal stored login credentials. In some cases, even two-factor authentication codes and passkeys could be compromised.
Although vendors were alerted in April 2025, the researcher notes that some of them, such as Bitwarden, 1Password, iCloud Passwords, Enpass, LastPass, and LogMeOnce, have not yet fixed the flaws. This leaves an estimated 32.7 million users exposed to the attack.
The researcher concluded: “The described technique is general and I only tested it on 11 password managers. Other DOM-manipulating extensions are probably vulnerable (password managers, crypto wallets, notes etc.).”

Surya AI Offers Early Warnings Of Solar Storms
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Sarah Frazier Former Content Manager
NASA collaborated with IBM to produce Surya, their new open-source AI system for predicting solar activity.
In a rush? Here are the quick facts:
- Surya is trained on 250 TB of NASA solar observatory images.
- The model predicts solar flares up to two hours in advance.
- Solar storms can damage satellites, power grids, and radio communications.
MIT Tech Review explains that Surya is trained on more than a decade of NASA solar data, and aims to give scientists early warnings of solar flares that may disrupt life on Earth.
MIT Tech Review explains that solar storms happen when the sun bursts out energy and particles into space, producing solar flares and coronal mass ejections.
Solar storms can cause major problems: they disrupt radio signals, damage satellites, expose astronauts to radiation, and potentially trigger power grid failures on Earth.
Predicting when a flare will strike has always been a challenge. As Louise Harra, an astrophysicist at ETH Zurich, explains, “when it erupts is always the sticking point,” as reported by MIT Tech Review.
Harra says scientists can often tell from images if a flare is likely soon, but predicting the timing and strength is much harder. The magnitude of solar flares determines the extent of their impact: small flares may disrupt radios every few weeks, while massive solar superstorms could destroy satellites and shut down electricity worldwide.
Surya was trained on over 250 terabytes of images from NASA’s Solar Dynamics Observatory. In early tests, it predicted some solar flares up to two hours in advance. “It can predict the solar flare’s shape, the position in the sun, the intensity,” says Juan Bernabe-Moreno, the IBM AI researcher who led the project. That’s about twice the warning time current methods provide.
Harra notes, “It’s just those tiny destabilizations that we know happen, but we don’t know when.” The hope is that Surya can spot these patterns faster than humans can.
Bernabe-Moreno adds that Surya could also help uncover links between solar weather and Earth weather. “Understanding the sun is a proxy for understanding many other stars,” he says. “We look at the sun as a laboratory.”