Cyber Security News
Hackers Abuse Microsoft Entra Passkey Enrollment to Hijack Enterprise Accounts
Threat group UNC066 has exploited Microsoft Entra passkey enrollment through phone-based phishing since April 2026, tricking employees into registering attacker-controlled passkeys to hijack enterprise accounts. The campaign combines social engineering with custom phishing kits targeting corporate credentials.
AI summary · generated with Claude
https://cybersecuritynews.com/hackers-abuse-microsoft-entra-passkey-enrollment/