A botnet made up of more than 130,000 compromised devices is conducting large-scale password-spraying attacks against M365 accounts, exploiting non-interactive sign-ins with Basic Authentication. This method lets malicious actors bypass modern login protections, evade multi-factor authentication (MFA) enforcement, and remain undetected by security teams. Leveraging Purloined Credentials Malefactors are leveraging stolen credentials from infostealer logs […]
This article has been indexed from Information Security Buzz