Yahoo Finance

Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

Despite this, one flaw that BitM attacks always had was the fact that the parent window would still display the malicious URL, making the attack less convincing to a security-aware user. However, as ...
GitHub

Add real fullscreen mode using the Fullscreen API (like YouTube videos)

Currently, the BookReader fullscreen button only maximizes the viewer inside the browser tab. It would be great to have true fullscreen support (like YouTube videos ...
Security Boulevard

Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

Today, SquareX released new threat research on an advanced Browser-in-the-Middle (BitM) attack targeting Safari users. As highlighted by Mandiant, adversaries have been increasingly using BitM attacks ...
Threat Post

Proof-of-Concept Exploits HTML5 Fullscreen API for Social Engineering

Independent security researcher, web designer, and Stanford Computer Science student Feross Aboukhadijeh has developed an attack concept that exploits the fullscreen application programming interface ...
GitHub

Bright-04/Fullscreen-API-Attack

A demonstration of UI spoofing vulnerabilities using the HTML5 Fullscreen API to simulate a fake YouTube.com browsing experience. This project demonstrates how malicious websites could potentially use ...