Trick users and bypass warnings – Modern SVG Clickjacking attacks
https://lyra.horse/blog/2025/12/svg-clickjacking/
#HackerNews #SVG #Clickjacking #Clickjacking #Cybersecurity #WebSecurity #ModernThreats
This research by Marek Tóth presented at #DEFCON is good. The vulnerability he discusses is real.
However, exploiting it requires the attacker to compromise a website and add phantom workflows to it that the victim doesn't notice as suspicious. Not impossible, but also IMO not likely unless you visit shady websites frequently.
Personally, I do not think the likelihood is high enough to disrupt my existing workflows to protect against the attack.
#clickjacking #infosec
https://marektoth.com/blog/dom-based-extension-clickjacking/