Manuel BisseyJul 21, 2025

🚨 Poisoned phishing: attackers downgrade FIDO2 MFA to bypass protections. Even strong auth needs stronger vigilance. 🧑‍💼🎯
#MFABypass #PhishingTactics

https://www.bleepingcomputer.com/news/security/threat-actors-downgrade-fido2-mfa-auth-in-poisonseed-phishing-attack/

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals.

BleepingComputer
Manuel BisseyJul 4, 2025

🤖 Chatbots like ChatGPT are unintentionally aiding phishers by suggesting fake or unregistered URLs for major brands 🌐. Criminals are exploiting these AI slip-ups to set traps.
#SecureAI #PhishingTactics ⚠️🔗

https://go.theregister.com/feed/www.theregister.com/2025/07/03/ai_phishing_websites/

ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies

: Crims have cottoned on to a new way to lead you astray

The Register
iam-py-testNov 10, 2024

This is an interesting phishing tactic: using a website translation service.
Sadly the actual phishing website is dead/angry-at-Americans so I can not see what the real phishing page looks like.
On an unrelated topic, the translation website has unblocked malicious ads served by Google Ads. Good for them.

https://github.com/hagezi/dns-blocklists/issues/4273

#Phishing #PhishingTactics #DịchTiếngHoa

dichtienghoa.com: badware · Issue #4273 · hagezi/dns-blocklists

Which domain(s) should be blocked? dichtienghoa.com/translate/m.imdb.com?u=https://0.gp/greece2 0.gp/greece2 gov.gr93.sbs/gr Why should these domain(s) be blocked? This link is being sent to Greek ...

GitHub