Pink is a apt_group tracked across 2 threat clusters and 2 intelligence report mentions on ThreatCluster. First observed July 11, 2026; most recent activity July 11, 2026.
A new data extortion group named Helix has emerged, utilizing identity-focused tactics such as vishing and device code phishing to exploit Microsoft 365 environments. The group primarily targets SharePoint, employing…
Since April 2026, a threat actor identified as O-UNC-066, also known as 'Pink', has been executing a vishing campaign aimed at Microsoft 365 users. The campaign exploits a new passkey enrollment feature introduced by…