A newly revealed exploit demonstrates how threat actors can hijack passkey authentication ceremonies via clickjacking attacks, intercepting critical credentials. While passkeys themselves remain secure, the vulnerability exposes risks in password manager behavior, website implementation flaws, and user configuration choices demanding urgent action from all parties.