Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Okta Alerts on Vishing Threat to Microsoft 365 Users

Okta Alerts on Vishing Threat to Microsoft 365 Users

Posted on July 10, 2026 By CWS

Okta has issued a warning about a vishing campaign targeting Microsoft 365 users across various sectors. Initiated in April, the scheme aims to steal user credentials through deceptive voice calls.

Vishing Campaign Targets Multiple Industries

The attackers, identified as group O-UNC-066 or CL-CRI-1147, have primarily focused on sectors such as automotive, aviation, construction, food and beverage, healthcare, and technology. The group, also known as Pink, seeks to extort data by tricking users into accessing fraudulent Microsoft Entra ID login pages.

Deceptive Tactics and Domain Manipulation

The threat actors have registered domains featuring the term ‘passkey’ to mislead users into believing they are engaging in legitimate Microsoft passkey processes. These sites are crafted to mirror official Microsoft enrollment pages, exploiting users’ trust.

Okta reports that the phishing kit employed in these attacks is distinct, with an operator-controlled PHP panel that requires active engagement to gather user credentials and multi-factor authentication tokens.

Complex Phishing Mechanism

Unlike typical phishing kits, this campaign involves real-time interaction, guiding victims through several authentication steps. The kit adapts based on the victim’s multi-factor authentication settings, impersonating legitimate process flows.

Okta highlights the attackers’ strategy of integrating BIP-39 phrases into the process, which seems irrelevant to Microsoft Entra operations. This step may serve as a diversion while the attackers register their own passkeys in victims’ accounts.

Upon registering a passkey, the compromised account receives a genuine notification from Microsoft, potentially masking the attacker’s actions under benign-seeming passkey names.

Implications and Recommendations

Okta’s alert underscores the sophistication of modern phishing attacks and the necessity for heightened vigilance and security measures. Users are advised to remain cautious of unsolicited communications and verify any passkey registration notifications with Microsoft.

As cyber threats continue to evolve, organizations and individuals alike must prioritize cybersecurity awareness and proactive measures to safeguard their digital assets.

Security Week News Tags:credential theft, cyber threats, Cybersecurity, data extortion, MFA, Microsoft 365, Microsoft Entra, Okta, Passkey, Phishing, phishing kit, security alert, Technology, user security, Vishing

Post navigation

Previous Post: New MODBEACON RAT Leverages Encrypted C2 Traffic
Next Post: Windows Shortcuts Exploit PowerShell for Remote Attacks

Related Posts

Cisco Addresses New SD-WAN Zero-Day Security Flaw Cisco Addresses New SD-WAN Zero-Day Security Flaw Security Week News
OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks Security Week News
Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed Security Week News
Frame Security Launches with M for AI Cyber Training Frame Security Launches with $50M for AI Cyber Training Security Week News
Italy Antitrust Agency Fines Apple 6 Million Over Privacy Feature; Apple Announces Appeal Italy Antitrust Agency Fines Apple $116 Million Over Privacy Feature; Apple Announces Appeal Security Week News
Sola Security Raises M to Bring No-Code App Building to Cybersecurity Teams Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity Teams Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks
  • DHS Database Breach and Adobe’s Security Enhancements
  • WhatsApp-to-Host Attack via OpenClaw Flaws Detailed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark