PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse

FIDO keys are hardware- or software-based authenticators designed to eliminate phishing by binding logins to specific domains using public-private key. Threat actors can downgrade FIDO key protections by deceiving users into approving authentication requests from spoofed company login portals.