FIDO2
Microsoft: Security keys may prompt for PIN after recent updates
Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update. This behavior can be observed on devices running Windows 11 version 24H2 or 25H2 when an identity provider requests user verification during authentication. Microsoft says […]
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ large-volume phishing attacks for financial fraud. In the past, distributing emails containing crypto seed phrases used to drain cryptocurrency wallets. In […]