Risky Bulletin Risky Bulletin: New phishing technique bypasses FIDO keys
Jul 18, 2025
Cybersecurity takes center stage with a shocking new phishing technique that successfully evades FIDO keys. A mobile surveillance vendor is in hot water after deploying an SS7 exploit. Meanwhile, South Korea's largest insurance provider suffers a major ransomware attack. In a twist of justice, law enforcement has taken down a notorious pro-Kremlin DDoS group, highlighting the ongoing battle against cyber threats.
AI Snips
Chapters
Transcript
Episode notes
Phishing Bypasses FIDO Keys
- A new phishing technique by Poison Seed bypasses FIDO keys using the cross-device sign-in feature.
- This makes it appear that a FIDO key is not present or required for authentication.
SS7 Exploit Reveals Subscriber Locations
- A mobile surveillance vendor exploits an SS7 protocol vulnerability to access subscriber locations.
- The attack tricks operators by confusing subscriber identifier encoding, bypassing network restrictions.
Ransomware Disrupts Insurance Certificates
- South Korea's largest insurer Seoul Guarantee Insurance suffered a ransomware attack disrupting loan guarantee certificates.
- The firm reverted to handwriting certificates while working on restoring affected systems.