A threat actor is targeting organizations across multiple sectors in voice-enabled attacks involving Microsoft 365 phishing pages.

A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey.

O-UNC-066 uses vishing and a live phishing kit to trick Microsoft 365 users into enrolling attacker-controlled Entra passkeys for account access.

A threat actor is targeting organizations across multiple sectors in voice-enabled attacks involving Microsoft 365 phishing pages.