Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication

Adversary-in-the-middle attacks can strip out the passkey option from login pages that users see, leaving targets with only authentication choices that force them to give up credentials.