HIGH: Pink Crew Hijacks Microsoft 365 Accounts With Fake Entra Passkey Enrollment Calls
A financially motivated group tracked as O-UNC-066 (Pink) is vishing Microsoft 365 users into a fake Entra passkey enrollment flow, using an operator-controlled PHP panel to relay MFA in real time and register attacker-owned passkeys for persistent account takeover before looting SharePoint and OneDrive.