[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]  The Hacker News [@TheHackersNews](/creator/twitter/TheHackersNews) on x 926.7K followers Created: 2025-07-21 07:04:59 UTC Just to clarify: this attack doesnβt work everywhere β here's when you're safe π The phishing trick targets cross-device sign-in flows without strict proximity checks (like Bluetooth or local attestation). If your org enforces: β Hardware keys plugged into the login device β Platform-bound authenticators (e.g. Face ID in browser) ...then the attack fails. Why? Because those setups prevent remote QR code hijacking. Bottom line: phishing-resistant auth still works β if deployed right. XXXXXX engagements  **Related Topics** [login](/topic/login) [Post Link](https://x.com/TheHackersNews/status/1947191054341714311)
[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]
The Hacker News @TheHackersNews on x 926.7K followers
Created: 2025-07-21 07:04:59 UTC
Just to clarify: this attack doesnβt work everywhere β here's when you're safe π
The phishing trick targets cross-device sign-in flows without strict proximity checks (like Bluetooth or local attestation).
If your org enforces: β Hardware keys plugged into the login device β Platform-bound authenticators (e.g. Face ID in browser)
...then the attack fails.
Why? Because those setups prevent remote QR code hijacking.
Bottom line: phishing-resistant auth still works β if deployed right.
XXXXXX engagements
Related Topics login