HackerFeeds

CyberSecurity News

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

The Hacker News
· July 10, 2026

AI summary

A threat actor is targeting organizations across various sectors with fake security requests made via voice, aiming to trick Microsoft 365 users into enrolling a new Entra passkey. This tactic is part of a larger effort to carry out data extortion attacks. The threat actor, known as O-UNC-066, is using a phishing kit that can target the passkey enrollment process. The phishing kit is controlled through a panel, allowing the threat actor to manage their attacks. The goal of these attacks is to gain access to Microsoft 365 accounts.

Read the full article at The Hacker Newsthehackernews.com/2026/07/hackers-use-fake-microsoft-entra.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.