Massive botnet hits Microsoft 365 accounts - Help Net Security
A massive botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 accounts, exploiting a critical security blind spot in non-interactive sign-ins. This campaign, potentially linked to China-affiliated threat actors, highlights the urgency of transitioning to more secure authentication methods before this blind spot is exploited on a larger scale. To mitigate the risk, security teams should review non-interactive sign-in logs, rotate credentials, and disable legacy authentication protocols.
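One way to carry out the non-interactive sign-in log review recommended above, as an added example that is not from the original article: it counts the distinct accounts hit by failed non-interactive sign-ins per source IP and per client app, since a distributed spray shows few attempts per IP but many accounts per client. Field names are assumed to follow the Microsoft Graph signIn resource, the records are constructed, and the threshold is an assumption.

```python
import json
from collections import defaultdict

BAD_PASSWORD = 50126  # Entra ID error code: invalid username or password

def spray_candidates(json_lines, min_users=3):
    """Return {(pivot, value): sorted users} for failed non-interactive
    sign-ins where one IP or client app touched >= min_users accounts."""
    seen = defaultdict(set)
    for line in json_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed export rows
        if not isinstance(rec, dict) or rec.get("isInteractive", True):
            continue  # only the non-interactive log is in scope here
        if (rec.get("status") or {}).get("errorCode") != BAD_PASSWORD:
            continue  # successes and other failure types are not counted
        user = (rec.get("userPrincipalName") or "").lower()
        if not user:
            continue
        seen[("ip", rec.get("ipAddress"))].add(user)
        seen[("clientApp", rec.get("clientAppUsed"))].add(user)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_users}

def row(user, ip, interactive, app, code):
    # Helper that builds one constructed sign-in record as a JSON line.
    return json.dumps({"userPrincipalName": user, "ipAddress": ip,
                       "isInteractive": interactive, "clientAppUsed": app,
                       "status": {"errorCode": code}})

# Constructed sample data (documentation IP ranges, example.com accounts).
SAMPLE = [
    row("alice@example.com", "198.51.100.10", False, "Other clients", 50126),
    row("bob@example.com", "198.51.100.11", False, "Other clients", 50126),
    row("carol@example.com", "198.51.100.12", False, "Other clients", 50126),
    row("dave@example.com", "203.0.113.5", True, "Browser", 50126),
    row("erin@example.com", "203.0.113.6", False, "Browser", 0),
    "{truncated",
]

if __name__ == "__main__":
    for (pivot, value), users in spray_candidates(SAMPLE).items():
        print(f"{pivot}={value}: {len(users)} accounts -> {', '.join(users)}")
```

In the sample, no single IP crosses the threshold, but the shared client app does, which is the pattern a per-IP lockout or rate rule misses.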