Hackers Exploit FIDO MFA With Novel Phishing Technique

A new phishing technique, used by the PoisonSeed cybercrime group, bypasses FIDO2 physical keys by exploiting a cross-device sign-in feature. The attack involves a phishing email, a fake login page, and a QR code that deceives users into scanning it with their mobile authenticator app, granting the attacker access to protected applications and services. Security teams are advised to monitor authentication logs and enable Bluetooth verification during cross-device sign-ins to mitigate this technique.