A new cyberattack technique called “DoubleClickjacking” has been discovered, posing significant risks to internet security by bypassing traditional clickjacking protections. It tricks users into performing unauthorized actions through a two-click sequence, circumventing modern browser safeguards like “SameSite: Lax” cookies. Attackers manipulate timing and events to replace or close browser windows, swapping in sensitive pages such as OAuth authorization dialogs or account settings in the background. The second click unwittingly authorizes malicious actions, allowing attackers to gain access to user accounts. This sophisticated method underscores the need for enhanced security measures to protect against evolving threats. Continue here.
