PoisonSeed Attack Downgrades FIDO2 MFA Using Novel Phishing Tactics
PoisonSeed threat actors are bypassing FIDO2 security keys by exploiting the cross-device sign-in feature in WebAuthn, tricking users into approving login requests from fake portals. This attack does not exploit a flaw in FIDO2 but abuses a legitimate feature, prompting organizations to implement additional security measures such as geographic restrictions and Bluetooth authentication. The attack highlights evolving methods to circumvent phishing-resistant authentication systems.