1Password introduced a new anti-phishing UX control that displays pop-up warnings when users land on suspected phishing or typosquatted domains, addressing a gap where users might manually type credentials even when the password manager refuses to autofill due to a URL mismatch. The feature is enabled by default for Individual and Family plans, while enterprise admins can enable it via Authentication Policies in the 1Password admin console.
Separate academic/industry research highlighted systemic exposure risks from SMS-delivered “one-time” links that do not expire, enabling personal data access long after delivery. The study assembled a dataset from public SMS gateways (over 33M messages, 323K unique URLs, and 10.9K+ domains) to analyze how SMS link design choices can leak data over time; the article also notes broader threat trends where attackers increasingly use malicious URLs via SMS (smishing) and large-scale domain churn/brand impersonation to drive credential theft and fraud.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
A later report on the SMS sign-in link research highlighted that 125 services used weak tokens that could allow attackers to guess valid login links, and reiterated that many links remained active for months or years. It also emphasized backend overfetching of personal data and noted the true number of affected services may be higher than observed.
1Password announced a built-in feature that displays pop-up warnings when users visit suspected phishing or typosquatted sites, aiming to prevent manual credential entry on fake pages. The protection is enabled by default for individual and family plans, while enterprise administrators can enable it through Authentication Policies.
After identifying the exposures, the research team reported the issues to 150 services. Only 18 responded and seven implemented fixes, indicating that many of the exposed services likely remained vulnerable.
A research study analyzing more than 33 million messages from public SMS gateways found that SMS-delivered magic links and sign-in URLs at 177 services often acted as bearer tokens, exposing personal data and enabling account access. The study identified 701 still-working endpoints, including some links dating back to 2019, and found weak token designs, overexposed backend data, and in some cases account takeover or editable personal-data forms.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourcebleepingcomputer.com
Open sourcebleepingcomputer.com
Open sourcehelpnetsecurity.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.