I've been hard at work on a NEW phishing technique I'm excited to share. I'm calling it "Vaultjacking" and the impact is honestly a bit sobering.

In my blog I demonstrate how a single AiTM landing page can spoof your Google passkey/password manager PIN and use that to access ALL of a victim's third-party credentials (yes, including passkeys). A simple phish on one site can lead to a total compromise of all Chrome-saved credentials.