
SlowMist|Sep 22, 2025 07:41
🚨SlowMist TI Alert🚨
New Attack Bypasses WebAuthn Key-Based Logins. ⚠️ This attack allows perpetrators to 🧩 hijack the WebAuthn API through malicious browser extensions or by exploiting 💻 XSS vulnerabilities on websites. Consequently, attackers can force a downgrade to password login or manipulate the key registration process to steal user credentials.
This vulnerability does not require access to the victim's device or Face ID. 🔑 Users logging in with keys on compromised websites or those with malicious extensions may face identity impersonation, leading to account breaches.
#WebAuthn is a web standard developed by the W3C and FIDO Alliance. It aims to provide secure authentication through public key cryptography, either as a replacement or supplement to traditional passwords. 🔐 Users can log in using hardware security keys like YubiKey, built-in platform authenticators such as Windows Hello, Touch ID, Android biometrics, or devices compliant with the FIDO2 standard. (SlowMist)
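The forced downgrade to password login described above leaves a trace in server-side authentication logs. The following is an added example, not part of the SlowMist alert: a detection sketch that flags password logins on accounts that already have a passkey. The event names, fields and the 60-second window are assumptions, and the sample events are constructed.

```javascript
// Constructed sample auth events (not from the alert). Field names are
// assumptions; ts is in seconds.
const SAMPLE_EVENTS = [
  { ts: 1000, user: "alice", type: "passkey_registered" },
  { ts: 2000, user: "alice", type: "webauthn_challenge" },
  { ts: 2005, user: "alice", type: "login_ok", method: "webauthn" },
  { ts: 3000, user: "alice", type: "webauthn_challenge" },
  { ts: 3020, user: "alice", type: "login_ok", method: "password" },
  { ts: 4000, user: "bob", type: "login_ok", method: "password" },
  { ts: 5000, user: "carol", type: "passkey_registered" },
  { ts: 9000, user: "carol", type: "login_ok", method: "password" },
];

// Flag password logins on accounts that already hold a passkey. A login that
// follows an unanswered WebAuthn challenge within windowSec rates higher,
// since the ceremony was started and then dropped in favour of a password.
function findDowngrades(events, windowSec = 60) {
  const enrolled = new Set(); // users with at least one registered passkey
  const pending = new Map();  // user -> ts of the last unanswered challenge
  const alerts = [];
  const ordered = [...events].sort((a, b) => a.ts - b.ts);
  for (const e of ordered) {
    if (e.type === "passkey_registered") {
      enrolled.add(e.user);
    } else if (e.type === "webauthn_challenge") {
      pending.set(e.user, e.ts);
    } else if (e.type === "login_ok" && e.method === "webauthn") {
      pending.delete(e.user); // ceremony completed normally
    } else if (e.type === "login_ok" && e.method === "password") {
      if (!enrolled.has(e.user)) continue; // password-only account, expected
      const started = pending.get(e.user);
      const abandoned = started !== undefined && e.ts - started <= windowSec;
      alerts.push({
        user: e.user,
        ts: e.ts,
        severity: abandoned ? "high" : "medium",
        reason: abandoned
          ? "challenge_abandoned_then_password"
          : "password_login_with_passkey_enrolled",
      });
      pending.delete(e.user);
    }
  }
  return alerts;
}

console.log(findDowngrades(SAMPLE_EVENTS));
```
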