PoisonSeed Attack Downgrades FIDO2 MFA Using Novel Phishing Tactics

TL;DR Summary
PoisonSeed threat actors are bypassing FIDO2 security keys by abusing the cross-device sign-in feature in WebAuthn, tricking users into approving login requests from fake portals. The attack does not exploit a flaw in FIDO2; it abuses a legitimate feature, which is prompting organizations to implement additional security measures such as geographic restrictions and Bluetooth authentication. It highlights how methods for circumventing phishing-resistant authentication systems are evolving.
- Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack (BleepingComputer)
- 'PoisonSeed' Attacker Skates Around FIDO Keys (Dark Reading | Security)
- Phishing attack abuses QR codes to bypass FIDO keys (SC Media)
- Phishers have found a way to downgrade—not bypass—FIDO MFA (Ars Technica)
- Hackers Exploit FIDO MFA With Novel Phishing Technique (BankInfoSecurity)