Passkeys Are Exploding, AI Is Leaking Your Business Data, and a New Bug Is Crashing Chromium Browsers

It's been another tough week in cybersecurity news. Plus, unauthorized AI usage at work has also skyrocketed, which isn't great either.

 & Alan Henry Managing Editor, Security

Passkeys have a lot of benefits over passwords, to be sure, but in recent years, getting people to adopt them has been a slow process. That may be changing, however. We reported this week on a new study from security firm Dashlane, which found that more people are embracing passkeys, especially on platforms encouraging their use.

Leading the pack of companies pressuring their users to adopt passkeys are Amazon, which you may have noticed almost always asks you to create one when you visit the site; Google, which has also been providing users with multiple methods to secure their accounts; and Microsoft, which made passkeys the default login option for new accounts. There’s a reason that retail and payment companies are also pushing passkeys: Issues like forgotten passwords, late SMS messages, and other tech troubles could cost them money in the form of abandoned carts and delayed purchases. And, as we’ll see later in the story roundup, most data on the dark web comes from retail services. 

Speaking of passkeys, using them is a snap when you also use a password manager. When testing password managers, we especially appreciate those providing inheritance options, which allow your loved ones to access your passwords and online accounts in an emergency. Unfortunately, those inheritance options can turn into a security nightmare when exploited, as we reported earlier this week when it happened to LastPass. Hackers launched a campaign to trick LastPass account holders into entering their account information on a phishing site, with some even going so far as to call users posing as LastPass employees to obtain their credentials. 

And since we’re talking about sensitive information on the web, this week we covered a new study that revealed that unauthorized AI use at work has exploded. The result is that sensitive corporate information has also exploded onto the clear web, thanks to it being absorbed by and republished by AI companies that often have no idea they’re hosting confidential information. Seriously—one quick web search and you can find several examples of financial reports, documents marked “internal use only,” entire manuscripts, and more. 


See the Business Data Leaking Onto the Dark Web With Proton’s Data Breach Observatory

Proton, the security company behind products like Proton VPN, Proton Pass, and Proton Mail, just introduced a new service designed to alert the public to corporate data breaches when they occur, even if the company in question would rather not make a public statement about it. The Proton Data Breach Observatory is a comprehensive and regularly updated list of data breaches, including the date of the breach, the types of data compromised, and the severity of the issue. 

In a statement, Proton said that because data breaches have become so common, only the most significant ones receive media attention, which can leave people with a false perception of security. The platform is based on the same kind of dark web monitoring and research that the company already conducts, but assembled in a digestible format for both security professionals and individual users alike. That means the tool doesn’t rely on self-reporting; it comes directly from where the data lives, on the dark web. Currently, nearly 800 breaches are on the site, with most sensitive data consisting of names, email addresses, and other contact details, followed by passwords. As for targets, the available data primarily comes from retail businesses. All of this is a reminder to practice good internet hygiene.


This Security Hole Can Crash Billions of Chromium Browsers, and Google Hasn’t Patched It Yet

Odds are you’re reading this using a web browser based on Chromium. That’s Google’s architecture for browsers, and at this point, the vast majority of the web has been built around the assumption that you’ll be using one. Chromium browsers include Chrome, obviously, but also Microsoft’s Edge, Brave, Vivaldi, and OpenAI’s newly released (and problematic, as we discussed last week) Atlas browser. Unfortunately, as The Register reports, independent security researcher Jose Pino discovered a flaw in Blink, the rendering engine used by Chromium browsers, that, when exploited, can cause the browser to freeze within seconds, and in some cases freeze the host system as well by sucking down all available memory. 

The Register’s full story explains in detail how the exploit works and what happened when they tested it (spoiler: it’s bad). However, it’s worth noting that they contacted the developers of nine different Chromium-based browsers. Seven didn’t respond. The developers of Brave said that, because it’s an issue with Chromium, they would implement a fix as soon as Google had one. Google, for its part, said it’s looking into it. Luckily, other rendering engines were immune to the issue, including Gecko (used in Firefox) and WebKit (used in Safari). 


Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa

Among the many social consequences of AI that we have yet to fully reckon with is the rapid proliferation of generative AI-powered scams, a trend we’ve been reporting on since the beginning of the year. And as Dark Reading reports, before the scams reach you and me, scammers test their tactics on regions of the world that lack the same consumer protections and cybersecurity infrastructure available to us. 

In this case, Dark Reading notes that scammers are using AI to set up entire scam “hubs,” where scammers utilize generative AI tools in the same way anyone would use business software. Except at these jobs, the goal is to create deepfakes and phishing messages that are culturally appropriate in context, thereby removing one more way victims can discern that the sender (or even the caller) isn’t who they claim to be. Right now, the attacks are also centered on African institutions, where the scam hubs are also based. But experts all agree that it’s more of a proving ground. As AI-powered impersonation and phishing attacks become more effective, they’ll get more popular—which means they’re coming for everyone, everywhere.

About Our Expert

Alan Henry

Managing Editor, Security

My Experience

I've been writing and editing stories for almost two decades that help people use technology and productivity techniques to work better, live better, and protect their privacy and personal data. As managing editor of PCMag's security team, it's my responsibility to ensure that our product advice is evidence-based, lab-tested, and serves our readers.

I've been a technology journalist for close to 20 years, and I got my start freelancing here at PCMag before beginning a career that would lead me to become editor-in-chief of Lifehacker, a senior editor at The New York Times, and director of special projects at WIRED. I'm back at PCMag to lead our security team and renew my commitment to service journalism. I'm the author of Seen, Heard, and Paid: The New Work Rules for the Marginalized, a career and productivity book to help people of marginalized groups succeed in the workplace.

The Technology I Use

I'm writing this on a computer I built myself. It's powered by an Intel Core i7 with 32GB of RAM, 2TB of storage, and a disturbingly anime-themed NVIDIA GeForce 3070 inside (look, it was on sale). It's connected to a beautiful LG 34-inch ultrawide monitor on my left that I use for gaming (and spreadsheets) and an LG 27-inch 4K monitor in portrait mode on my right that I use for browsing, editing, and reading. Connect all of that to a Logitech Streamcam, an Elgato capture card, an Elgato Stream Deck, and an Elgato Wave:3 using the WaveLink software for mixing, and you might have figured out that I'm also a streamer.

When I'm not at my desk, I usually use a Microsoft Surface Laptop Studio, which is a little heavy for my tastes but incredible as a combination of laptop and tablet that I can use to work and game when I'm traveling. My IT-issued Lenovo Thinkpad is lovely and light, but it's on standby should I need it. My current phone is a Pixel 6 Pro.

I used to be more of an Apple person. These days, I have an iPad Air for art and easy reading and an old MacBook Pro that used to be my daily driver before the Surface entered my life.

I use Firefox for browsing, and keep a cadre of privacy tools installed to minimize my data footprint. I use Proton products both for VPN and secure email, and I trust Bitdefender and MalwareBytes to keep my data safe from harm.

A handful of Sonos speakers power the audio around my home when I'm not wearing headphones. Speaking of which, I have a collection of both wired and wireless headphones, but my daily wear is a set of Sennheiser HD6XXs that I adore. On the go, I resort to a pair of Beats Studio Buds for the true wireless experience (with a set of Comply eartips, for comfort).

If you're a gamer, ask me about my relationship with Destiny 2.