Find notable cyber news and cases, enriched with sources, timelines, and signals.

O-UNC-066 / Pink Microsoft Entra passkey vishing campaign

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

The O-UNC-066 / Pink operation is using voice-based phishing to push Microsoft 365 users into enrolling attacker-controlled Entra passkeys, creating a direct path to account takeover and extortion. The campaign has been active since April and targets organizations across food and beverage, technology, healthcare, automotive, construction, and aviation. Callers impersonate security personnel and steer victims to phishing pages that mimic the legitimate Microsoft passkey enrollment flow. The kit relays credentials and MFA responses in real time, letting the operator register a passkey they control and open access to SharePoint and OneDrive data.

Related Happenings

Pink new extortion brand within The Com

Threat Actor Meta
H score30 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

How related: According to Palo Alto Networks Unit 42, Pink is a new extortion brand affiliated with the decentralized threat network known as The Com (short for The Community).

About this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...

Meta For Business Facebook Messenger fake-verification phishing campaign

Campaign
H score29 First: 07.07.2026 10:00 Last: 07.07.2026 10:00 Sources 1

About this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...

Kali365 Microsoft 365 device-code phishing campaign

Campaign
H score46 First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

EvilTokens Microsoft 365 consent phishing campaign

Campaign
H score39 First: 19.05.2026 14:30 Last: 19.05.2026 14:30 Sources 1

About this happening: The **EvilTokens** campaign rapidly compromised **more than 340 Microsoft 365 organizations** across **five countries**, showing how **OAuth grant abuse** can bypass **MFA** and c...

Code of conduct-themed Microsoft AiTM phishing campaign

Campaign
H score53 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...

Timeline

  1. 08.07.2026 19:47 2 articles · 1d ago

    O-UNC-066 / Pink Microsoft Entra passkey vishing campaign

    Initial Disclosure

    Since **April**, the operation has relied on phone-based security lures and cloned Microsoft enrollment pages to convince users to add an attacker-controlled **Entra passkey**.

    Show sources