Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Microsoft Entra Passkey Enrollment Exploited by Hackers

Microsoft Entra Passkey Enrollment Exploited by Hackers

Posted on July 10, 2026 By CWS

Cybercriminals have identified a vulnerability in Microsoft Entra’s passkey enrollment system, allowing them to take control of corporate accounts. This exploitation, primarily orchestrated by the threat group O UNC 066, also known as Pink, has been ongoing since April 2026. The attackers employ a sophisticated phishing scheme that persuades employees to register a passkey managed by the criminals themselves.

Phishing Tactics and Attack Methodology

The hackers combine social engineering techniques with a customized phishing toolkit. Employees receive direct phone calls from attackers posing as IT support, urging them to enroll a new passkey due to supposed security needs. This tactic aligns with Microsoft’s recent push for passwordless sign-ins, making the request appear routine.

Victims are directed to a counterfeit login page that mimics their company’s branding. Behind this facade, an attacker manually guides them through the process, adjusting fake screens based on the victim’s authentication methods, whether it be SMS, app prompts, or push notifications. This real-time orchestration complicates detection and circumvents automated defenses.

Campaign Objectives and Industry Impact

According to a report by Okta shared with Cyber Security News, the primary aim of these attacks is data theft for extortion purposes rather than immediate financial gain. The attackers have been linked to a public data leak site used to coerce victims. Industries affected by this campaign include food and beverage, technology, healthcare, automotive, construction, and aviation.

What makes this campaign particularly concerning is its ability to transform a security enhancement into a vulnerability. Instead of simply stealing passwords, the attackers establish a persistent foothold in victims’ accounts, which can endure beyond a password reset.

Defense Strategies and Recommendations

Security experts highlight that while the phishing kit does not interact with third-party identity providers, organizations relying solely on native authentication remain vulnerable. To mitigate risks, companies should implement phishing-resistant authenticators and educate staff to verify any claims made by supposed IT personnel before taking action.

Additional protective measures include restricting account access based on device status, geographic location, and network context. Organizations should also configure alerts for every authenticator lifecycle event to ensure unexpected passkey registrations are promptly flagged.

Given the convincing nature of this attack, raising awareness about passkey scams among staff could be as crucial as technical defenses. Proactive defenses, such as integrating live threat feeds from multiple SOC teams, can prevent critical incidents and financial losses.

To conclude, while Microsoft Entra’s passkey system aims to enhance security, this recent exploitation underscores the need for continuous vigilance and adaptation of security protocols to protect against ever-evolving cyber threats.

Cyber Security News Tags:account hijacking, Cybercrime, Cybersecurity, data breach, enterprise security, IT security, MFA vulnerability, Microsoft Entra, passkey enrollment, phishing attack

Post navigation

Previous Post: RedHook Malware Exploits ADB Debugging for Control
Next Post: Critical HP Linux Printing Software Flaw Threatens Security

Related Posts

GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack Cyber Security News
CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability Cyber Security News
CISA Alerts on Exploited Microsoft Vulnerabilities CISA Alerts on Exploited Microsoft Vulnerabilities Cyber Security News
Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code Cyber Security News
SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access Cyber Security News
SAP npm Packages Exploited in Major Credential Theft SAP npm Packages Exploited in Major Credential Theft Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat
  • GodDamn Ransomware Uses PoisonX to Evade Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical HP Linux Printing Software Flaw Threatens Security
  • Microsoft Entra Passkey Enrollment Exploited by Hackers
  • RedHook Malware Exploits ADB Debugging for Control
  • ACSC Raises Alarm on CMS Exploitation Threat
  • GodDamn Ransomware Uses PoisonX to Evade Security

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark