You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
vishing
About this tag
Vishing, or voice phishing, is a social engineering tactic where attackers use phone calls to trick victims into revealing sensitive information or bypassing security controls. On WindowsForum.com, discussions highlight how modern vishing kits combine real-time MFA bypass with single sign-on systems, targeting platforms like Microsoft 365 and Okta. Recent threats include email bombing paired with vishing to overwhelm users, and DarkGate RAT delivered via Microsoft Teams calls. These attacks often involve phishing-as-a-service kits that let attackers dynamically manipulate authentication flows while speaking to victims. The content focuses on enterprise security, Microsoft ecosystem vulnerabilities, and defensive strategies against voice-based social engineering.
Since April 2026, O-UNC-066, the extortion actor also known as Pink, has targeted enterprise Microsoft 365 customers with phone-led account takeovers that abuse Microsoft’s passkey enrollment push, steering victims to fake passkey sites while attackers register their own access to live accounts...
Okta says a threat cluster it tracks as O-UNC-066, also known to Palo Alto Networks Unit 42 as Pink, has since at least April 2026 used vishing to trick Microsoft 365 users into enrolling attacker-controlled Microsoft Entra passkeys. The campaign is not a break in passkey cryptography; it is a...
Hackers are now combining sophisticated, customizable phishing kits with phone-based social engineering to pull off real-time, MFA-defeating attacks against single sign-on (SSO) systems used by Google, Microsoft, Okta and major cryptocurrency providers. Security teams are seeing the emergence of...
The game of cybersecurity is growing fiercer, and it seems like cybercriminals are playing like it's the Super Bowl of hacking. Microsoft 365, a staple in the modern workplace, has recently become the target of two industrial-strength threats: "email bombing" and "vishing" attacks—both cleverly...
If you thought the realm of cyberattacks couldn't possibly come up with yet another clever way to wreak havoc, guess what? The threat actors behind the persistent DarkGate Remote Access Trojan (RAT) are here to prove you wrong! In what seems to be the malware equivalent of a crime-thriller...