PoisonSeed Attack Turns Out to Be Not a FIDO Bypass After All

Cybersecurity firm Expel, in an update shared on July 25, 2025, said it's retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite being not in physical proximity to the authenticating client device. "The evidence does show the targeted user's credentials (username and password) being phished and that the attacker

Read more https://thehackernews.com/2025/07/poisonseed-hackers-bypass-fido-keys.html