non-interactive sign-ins

A publicly exposed appsettings.json file that contained Azure Active Directory application credentials has created a direct, programmatic attack path into affected tenants — a misconfiguration that can let attackers exchange leaked ClientId/ClientSecret pairs for OAuth 2.0 access tokens and then...

A newly surfaced cybersecurity threat has put over 130,000 devices under the control of a sophisticated botnet, leveraging these compromised endpoints to mount large-scale password spraying attacks against Microsoft 365 accounts. This troubling development, uncovered by SecurityScorecard’s...

A recent coordinated botnet campaign targeting Microsoft 365 accounts has raised alarms within the cybersecurity community. According to detailed reporting by Security Magazine, a sprawling network of more than 130,000 compromised devices is carrying out password spraying attacks with a twist...

A new wave of cyber threats is targeting Microsoft 365 users in a sophisticated attack campaign. A suspected China-linked botnet—comprising over 130,000 compromised devices—has been launching password-spraying attacks against Microsoft 365 accounts. By exploiting legacy Basic Authentication...

A recent report from SecurityScorecard's STRIKE Threat Intelligence team has raised alarm bells across the IT security landscape. Over 130,000 compromised devices have been co-opted into a massive botnet campaign that leverages password spraying attacks, targeting Microsoft 365 accounts with an...

A sophisticated botnet is silently targeting Microsoft 365 accounts around the globe. This stealthy campaign leverages a unique password spraying technique against non-interactive sign-ins—a method designed to evade traditional security measures. In this article, we delve into the mechanics of...

In a rapidly evolving cybersecurity landscape, a newly discovered botnet comprising over 130,000 compromised devices has set its sights on Microsoft 365 accounts. This stealthy campaign, uncovered by SecurityScorecard’s STRIKE Threat Intelligence team, leverages sophisticated password spraying...

A new cybersecurity threat is casting a long shadow over Microsoft 365 environments. A mega-botnet—comprising over 130,000 compromised devices—is reportedly executing a high-scale password spray attack on Microsoft 365 accounts. This sophisticated onslaught exploits a little-discussed...

Cyber threats are evolving—and so must our defenses. A recent investigation by Infosecurity Magazine has uncovered a massive Chinese-affiliated botnet that is bypassing multifactor authentication (MFA) in Microsoft 365 (M365) environments. With over 130,000 compromised devices at its disposal...

A recent report by SecurityScorecard has uncovered a massive botnet of over 130,000 compromised devices launching widespread Microsoft 365 password spray attacks. By exploiting the outdated Basic Authentication protocol, threat actors are sidestepping multi-factor authentication (MFA) defenses...

A recently uncovered cyberattack is shaking the very core of enterprise security. A massive botnet—comprising over 130,000 compromised devices—is launching coordinated password-spraying attacks against Microsoft 365 accounts. This incident, reported by Help Net Security, reveals a new twist in...