Cybersecurity firm Expel has uncovered a new phishing technique, attributed to the PoisonSeed group, that effectively bypasses FIDO key security by exploiting legitimate cross-device sign-in functionality. This adversary-in-the-middle (AitM) attack tricks users into inadvertently authenticating the attackers' session, neutralizing the protection the FIDO key would otherwise provide. The discovery highlights the growing exposure of identity-based security: identity-based attacks now account for 66.2% of security incidents according to Expel's Q1 2025 threat report, underscoring the need for stronger authentication monitoring and controls in organizations.
Cybersecurity researchers at Expel have identified a significant evolution in identity-based threats: a new adversary-in-the-middle (AitM) attack that circumvents FIDO key protections. The technique, attributed to the PoisonSeed group, weaponizes legitimate cross-device sign-in functionality by tricking users into scanning a malicious QR code, thereby granting attackers full account access. This development matters because it neutralizes a security standard previously considered robust. Expel's Q1 2025 finding that identity-based attacks now comprise 66.2% of all security incidents puts the discovery in context and indicates a systemic shift in the threat landscape. The attack's effectiveness shows that technical safeguards alone are insufficient without comprehensive monitoring for anomalies, such as unexpected FIDO key registrations or logins from unusual geographies. The incident signals a continuing escalation in identity attacks and increases pressure on organizations to adopt multi-layered defense-in-depth strategies that go beyond simple multi-factor authentication.
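As an added illustration of the monitoring the report recommends (this code is not from Expel or from the article), the script below runs two simple detections over constructed identity-provider events: a login from a country never before seen for that user, and a FIDO key registration that follows such a login within a short window. The event schema, field names and sample values are assumptions made for the example; real identity providers use their own log formats.

```python
"""Flag the anomalies named in the report: logins from a geography not
previously seen for a user, and FIDO key registrations that closely follow
such a login. All events below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; the schema is an assumption, not a real IdP format.
SAMPLE_EVENTS = [
    {"ts": "2025-07-18T09:02:11Z", "user": "alice", "event": "login", "country": "US"},
    {"ts": "2025-07-18T09:40:00Z", "user": "alice", "event": "login", "country": "US"},
    {"ts": "2025-07-18T10:00:00Z", "user": "bob", "event": "login", "country": "US"},
    {"ts": "2025-07-19T10:00:00Z", "user": "bob", "event": "login", "country": "US"},
    # A login from a new country, followed a minute later by a new FIDO key.
    {"ts": "2025-07-19T14:05:30Z", "user": "alice", "event": "login", "country": "DE"},
    {"ts": "2025-07-19T14:06:02Z", "user": "alice", "event": "fido_key_registered", "country": "DE"},
    {"ts": "2025-07-19T14:07:45Z", "user": "alice", "event": "login", "country": "DE"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_anomalies(events, window=timedelta(hours=1)):
    """Return a list of alerts for new-geography logins and key registrations
    that occur within `window` after such a login, processing events in time order."""
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    seen_countries = defaultdict(set)   # user -> countries seen in earlier logins
    last_new_geo_login = {}             # user -> timestamp of last new-geography login
    alerts = []

    for e in ordered:
        user, ts = e["user"], parse_ts(e["ts"])
        if e["event"] == "login":
            country = e["country"]
            # The first login ever seen for a user only establishes a baseline.
            if country not in seen_countries[user] and seen_countries[user]:
                alerts.append({
                    "user": user, "ts": e["ts"], "rule": "new_geography_login",
                    "country": country, "severity": "medium",
                })
                last_new_geo_login[user] = ts
            seen_countries[user].add(country)
        elif e["event"] == "fido_key_registered":
            prior = last_new_geo_login.get(user)
            if prior is not None and ts - prior <= window:
                alerts.append({
                    "user": user, "ts": e["ts"],
                    "rule": "fido_key_registered_after_new_geography_login",
                    "country": e["country"], "severity": "high",
                })
    return alerts


def alerts_by_user(events):
    """Group alert rule names per user for a quick triage summary."""
    summary = defaultdict(list)
    for a in detect_anomalies(events):
        summary[a["user"]].append(a["rule"])
    return dict(summary)


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_EVENTS):
        print(alert)
```

The second rule is deliberately narrower than the first: a login from a new country alone is noisy (travel, VPNs), but a new authenticator registered minutes after such a login is exactly the sequence worth a human look, and the window can be tuned to the organization's own baseline.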