URL has been copied successfully!
Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign

A focused vishing campaign that weaponizes Microsoft Entra passkey enrollment as a social-engineering vector to enable account takeover and downstream data extortion. The threat actor begins by registering domains that include the term “passkey” (for example, assignpasskey[.]com, deploypasskey[.]com, passkeydeploy[.]com, passkeyadd[.]com, setpasskey[.]com) and creating per-target subdomains. Microsoft Entra ID login pages. Pages load generic Microsoft styling […] The post Microsoft Entra Passkey Enrollment Abused in Operator-Controlled Vishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/microsoft-entra-passkey-enrollment/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link