Botnet Targets Microsoft 365 Accounts with Password Spraying Attacks
Botnet Targets Microsoft 365 Accounts with Password Spraying Attacks A botnet comprising over 130,000 compromised devices is launching large-scale password spraying attacks on Microsoft 365 accounts. By leveraging non-interactive sign-ins with Basic Authentication, the attackers bypass modern login protections and evade MFA enforcement, exploiting a critical security gap. Systematically targeting accounts with stolen credentials, they […]
AWS Exploited by A New “whoAMI” Attack
AWS Exploited by A New “whoAMI” Attack In February 2025, cybersecurity researchers found out attack vector termed “whoAMI” which exploits misconfigurations in the retrieval of Amazon Machine Images (AMIs) within Amazon Web Services (AWS) environments. This attack leverages a name confusion vulnerability Enabling malicious actors to gain unauthorized code execution privileges within targeted AWS accounts. […]