Researchers at Proofpoint uncovered a phishing-as-a-service kit that downgrades FIDO2 logins to weaker fallback methods.
The downgrade succeeds when the targeted account's identity provider still accepts SMS or TOTP as a backup factor: the fallback is offered by the login service, not by the victim's browser, so a phishing proxy only needs to steer the victim into that weaker path.
Administrators are urged to disable SMS and TOTP fallback factors for privileged accounts, leaving only phishing-resistant methods such as FIDO2 able to complete a login.
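The two controls that matter here are a server-side policy that refuses a fallback factor for privileged accounts regardless of what the client claims to support, and a detection that flags a FIDO2-enrolled account completing a login with SMS or TOTP. The following is an added illustration written for this page, not code from Proofpoint, from the kit, or from any particular identity provider; the log format, field names, method labels and sample accounts are all constructed assumptions.

```python
"""Server-side MFA policy check plus a log-based MFA downgrade detector.

Added example for illustration only. Log format, field names, method labels
and the sample accounts are assumptions, not any vendor's real schema.
"""
import json
from dataclasses import dataclass

# Factor classes (assumed labels; real IdPs use their own method identifiers).
PHISHING_RESISTANT = frozenset({"fido2", "passkey"})
FALLBACK = frozenset({"sms", "totp", "email_otp"})


@dataclass(frozen=True)
class Account:
    user: str
    enrolled: frozenset          # methods the user has registered
    privileged: bool = False


def decide(account: Account, method: str) -> tuple[bool, str]:
    """Decide whether `method` may complete this login.

    The decision uses server-side account state only. Anything the client
    asserts about its own capabilities (for example its User-Agent) is
    ignored, because a phishing proxy controls that claim.
    """
    if method not in PHISHING_RESISTANT and method not in FALLBACK:
        return False, "unknown method"
    if account.privileged and method not in PHISHING_RESISTANT:
        return False, "privileged account: phishing-resistant factor required"
    if method not in account.enrolled:
        return False, "method not enrolled"
    return True, "ok"


@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    method: str
    note: str


def detect_downgrades(log_lines, accounts: dict) -> list:
    """Scan JSON-lines auth events for successful logins that used a fallback
    factor on an account that has a phishing-resistant factor enrolled.
    Such a login is the signature of a downgrade and deserves review even
    where policy still permits it for non-privileged users."""
    findings = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("result") != "success":
            continue
        acct = accounts.get(ev.get("user"))
        if acct is None:
            continue
        method = ev.get("method", "")
        if method in FALLBACK and acct.enrolled & PHISHING_RESISTANT:
            kind = "privileged account" if acct.privileged else "fido2-enrolled account"
            findings.append(Finding(ev["ts"], acct.user, method, f"fallback login on {kind}"))
    return findings


# Constructed accounts and auth events (not real data).
ACCOUNTS = {
    "alice": Account("alice", frozenset({"fido2", "sms"}), privileged=True),
    "bob": Account("bob", frozenset({"fido2", "totp"})),
    "carol": Account("carol", frozenset({"totp"})),
}

SAMPLE_LOG = """
{"ts": "2025-08-01T09:00:01Z", "user": "alice", "method": "fido2", "result": "success"}
{"ts": "2025-08-01T09:05:12Z", "user": "alice", "method": "sms", "result": "success"}
{"ts": "2025-08-01T09:07:44Z", "user": "bob", "method": "totp", "result": "success"}
{"ts": "2025-08-01T09:08:10Z", "user": "carol", "method": "totp", "result": "success"}
{"ts": "2025-08-01T09:09:30Z", "user": "bob", "method": "sms", "result": "failure"}
""".strip().splitlines()


if __name__ == "__main__":
    # Policy: alice (privileged) is refused SMS even though it is enrolled.
    print("alice/sms  ->", decide(ACCOUNTS["alice"], "sms"))
    print("alice/fido2->", decide(ACCOUNTS["alice"], "fido2"))
    # Detection: two of the constructed events are downgrades.
    for f in detect_downgrades(SAMPLE_LOG, ACCOUNTS):
        print(f"{f.ts} {f.user} {f.method}: {f.note}")
```

Against the constructed log, the detector reports alice's SMS login (a privileged account that should never have been offered the fallback) and bob's TOTP login (permitted by policy for a non-privileged user, but still a downgrade from an enrolled FIDO2 credential); carol is not reported because she has no phishing-resistant factor to downgrade from, and bob's failed SMS attempt is skipped because only completed logins count.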