Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials

A new attack on Safari uses a flaw in the Fullscreen API to create a fullscreen BitM window. Safari users are especially vulnerable to this attack as there is no clear visual indicator of users entering fullscreen. Existing security solutions fail to detect the attack and are proven to be obsolete when it comes to detecting any BitM attack.

PALO ALTO, California, May 29th, 2025/CyberNewsWire/--Today, SquareX released new threat research on an advanced Browser-in-the-Middle (BitM) attack targeting Safari users.

As highlighted by Mandiant, adversaries have been increasingly using BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps.

BitM attacks work by using a remote browser to trick victims into interacting with an attacker-controlled browser via a pop-up window in the victim’s browser.

A common BitM attack involves displaying the legitimate login page of an enterprise SaaS app, deceiving ...