Security News > 2025 > February > Botnet targets Basic Auth in Microsoft 365 password spray attacks

Botnet targets Basic Auth in Microsoft 365 password spray attacks

2025-02-24 17:49

A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, attempting to confirm credentials. [...]

News URL

https://www.bleepingcomputer.com/news/security/botnet-targets-basic-auth-in-microsoft-365-password-spray-attacks/

#365 #attack #botnet #microsoft

Related news

Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts (source)
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year (source)
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
Microsoft: Licensing issue blocks Microsoft 365 Family for some users (source)
Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
Attackers phish OAuth codes, take over Microsoft 365 accounts (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		383	52	1433	2954	180	4619

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.