passkeys

Two Tools Published This Week Just Broke Chrome's Encryption and Bypassed Your MFA

John Z Black Mar 23, 2026

Threat Intelligence #voidstealer #astaroth #chrome #mfa #credential-theft #phishing #fido2 #passkeys

VoidStealer cracked Chrome's Application-Bound Encryption via a debugger trick, while Astaroth defeats SMS, TOTP, and push MFA in real time -- and the only method that survives both is FIDO2.

Your MFA and Your ZIP Scanner Both Have Blind Spots Attackers Are Already Using

John Z Black Mar 12, 2026

Security Controls #mfa #phishing #aitm #starkiller #zombie-zip #fido2 #passkeys #security-controls #defense

Adversary-in-the-Middle phishing beats standard MFA in real time. Zombie ZIP tricks archive scanners into waving malware through. Two trusted security controls, two systematic bypasses already in the wild.