Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Microsoft Entra Passkey Enrollment Exploited by Hackers

Microsoft Entra Passkey Enrollment Exploited by Hackers

Posted on July 10, 2026 By CWS

Cybercriminals have identified a vulnerability in Microsoft Entra’s passkey enrollment system, allowing them to take control of corporate accounts. This exploitation, primarily orchestrated by the threat group O UNC 066, also known as Pink, has been ongoing since April 2026. The attackers employ a sophisticated phishing scheme that persuades employees to register a passkey managed by the criminals themselves.

Phishing Tactics and Attack Methodology

The hackers combine social engineering techniques with a customized phishing toolkit. Employees receive direct phone calls from attackers posing as IT support, urging them to enroll a new passkey due to supposed security needs. This tactic aligns with Microsoft’s recent push for passwordless sign-ins, making the request appear routine.

Victims are directed to a counterfeit login page that mimics their company’s branding. Behind this facade, an attacker manually guides them through the process, adjusting fake screens based on the victim’s authentication methods, whether it be SMS, app prompts, or push notifications. This real-time orchestration complicates detection and circumvents automated defenses.

Campaign Objectives and Industry Impact

According to a report by Okta shared with Cyber Security News, the primary aim of these attacks is data theft for extortion purposes rather than immediate financial gain. The attackers have been linked to a public data leak site used to coerce victims. Industries affected by this campaign include food and beverage, technology, healthcare, automotive, construction, and aviation.

What makes this campaign particularly concerning is its ability to transform a security enhancement into a vulnerability. Instead of simply stealing passwords, the attackers establish a persistent foothold in victims’ accounts, which can endure beyond a password reset.

Defense Strategies and Recommendations

Security experts highlight that while the phishing kit does not interact with third-party identity providers, organizations relying solely on native authentication remain vulnerable. To mitigate risks, companies should implement phishing-resistant authenticators and educate staff to verify any claims made by supposed IT personnel before taking action.

Additional protective measures include restricting account access based on device status, geographic location, and network context. Organizations should also configure alerts for every authenticator lifecycle event to ensure unexpected passkey registrations are promptly flagged.

Given the convincing nature of this attack, raising awareness about passkey scams among staff could be as crucial as technical defenses. Proactive defenses, such as integrating live threat feeds from multiple SOC teams, can prevent critical incidents and financial losses.

To conclude, while Microsoft Entra’s passkey system aims to enhance security, this recent exploitation underscores the need for continuous vigilance and adaptation of security protocols to protect against ever-evolving cyber threats.

Cyber Security News Tags:account hijacking, Cybercrime, Cybersecurity, data breach, enterprise security, IT security, MFA vulnerability, Microsoft Entra, passkey enrollment, phishing attack

Post navigation

Previous Post: RedHook Malware Exploits ADB Debugging for Control
Next Post: Critical HP Linux Printing Software Flaw Threatens Security

Related Posts

Breachlock Named Sample Vendor for PTaaS and AEV in Two 2025 Gartner Reports Breachlock Named Sample Vendor for PTaaS and AEV in Two 2025 Gartner Reports Cyber Security News
Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware Operation Hanoi Thief Attacking IT Professionals with Pseudo-Polyglot Payload to Hide Malware Cyber Security News
Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination Fired Techie Admits Hacking Employer’s Network in Retaliation for Termination Cyber Security News
MacOS Vulnerability Exposed by ExifTool Flaw MacOS Vulnerability Exposed by ExifTool Flaw Cyber Security News
Windows 11 Update Enhances AI and User Interface Windows 11 Update Enhances AI and User Interface Cyber Security News
Autonomous AI Agents Are Becoming the New Operating System of Cybercrime Autonomous AI Agents Are Becoming the New Operating System of Cybercrime Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Malware Targets Paysafe, Skrill, Neteller Users
  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Malware Targets Paysafe, Skrill, Neteller Users
  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark