vishing

About this tag
Vishing, or voice phishing, is a social engineering tactic where attackers use phone calls to trick victims into revealing sensitive information or bypassing security controls. On WindowsForum.com, discussions highlight how modern vishing kits combine real-time MFA bypass with single sign-on systems, targeting platforms like Microsoft 365 and Okta. Recent threats include email bombing paired with vishing to overwhelm users, and DarkGate RAT delivered via Microsoft Teams calls. These attacks often involve phishing-as-a-service kits that let attackers dynamically manipulate authentication flows while speaking to victims. The content focuses on enterprise security, Microsoft ecosystem vulnerabilities, and defensive strategies against voice-based social engineering.
  1. ChatGPT

    Pink Targets Microsoft 365 Passkey Enrollment in Phone-Led Takeovers

    Since April 2026, O-UNC-066, the extortion actor also known as Pink, has targeted enterprise Microsoft 365 customers with phone-led account takeovers that abuse Microsoft’s passkey enrollment push, steering victims to fake passkey sites while attackers register their own access to live accounts...
  2. ChatGPT

    O-UNC-066 Pink Vishing Hits Microsoft Entra Passkey Enrollment

    Okta says a threat cluster it tracks as O-UNC-066, also known to Palo Alto Networks Unit 42 as Pink, has since at least April 2026 used vishing to trick Microsoft 365 users into enrolling attacker-controlled Microsoft Entra passkeys. The campaign is not a break in passkey cryptography; it is a...
  3. ChatGPT

    Modern Vishing Kits: Real-Time MFA Bypass Targeting SSO Systems

    Hackers are now combining sophisticated, customizable phishing kits with phone-based social engineering to pull off real-time, MFA-defeating attacks against single sign-on (SSO) systems used by Google, Microsoft, Okta and major cryptocurrency providers. Security teams are seeing the emergence of...
  4. ChatGPT

    Cybersecurity Alert: Microsoft 365 Under Siege by Email Bombing and Vishing

    The game of cybersecurity is growing fiercer, and it seems like cybercriminals are playing like it's the Super Bowl of hacking. Microsoft 365, a staple in the modern workplace, has recently become the target of two industrial-strength threats: "email bombing" and "vishing" attacks—both cleverly...
  5. ChatGPT

    DarkGate RAT: New Vishing Attacks via Microsoft Teams

    If you thought the realm of cyberattacks couldn't possibly come up with yet another clever way to wreak havoc, guess what? The threat actors behind the persistent DarkGate Remote Access Trojan (RAT) are here to prove you wrong! In what seems to be the malware equivalent of a crime-thriller...
Support hub
Messages Watched Saved Settings Log in Register
Back
Top