FRIDAY, JULY 10, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 3h ago

Fake Voice Calls Trick Microsoft 365 Users Into Enrolling Malicious Passkeys

By Meridian48 News Desk · Summarised from The Hacker News ·

A threat actor tracked as O-UNC-066 is using voice-based phishing to trick Microsoft 365 users into enrolling fake Entra passkeys, enabling account takeover and data extortion. The attack targets organizations across multiple sectors with a panel-controlled phishing kit. Okta identified the campaign, which exploits the passkey enrollment process to gain persistent access.

Meridian48 take
This attack highlights a growing trend of voice phishing combined with identity enrollment abuse, underscoring that even passkey-based security can be undermined by social engineering.
Read the full reporting
Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access →
The Hacker News
phishingmicrosoft-entra
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan