Cyber Security News

Hackers Abuse Microsoft Entra Passkey Enrollment to Hijack Enterprise Accounts

PhishingCriticalphishing

Threat group UNC066 has exploited Microsoft Entra passkey enrollment through phone-based phishing since April 2026, tricking employees into registering attacker-controlled passkeys to hijack enterprise accounts. The campaign combines social engineering with custom phishing kits targeting corporate credentials.

AI summary · generated with Claude

https://cybersecuritynews.com/hackers-abuse-microsoft-entra-passkey-enrollment/