81M Login Attempts: Massive Azure CLI Password Spray Campaign
Attackers exploited deprecated OAuth ROPC flow to bypass MFA, compromising 78 accounts across 64 organizations. Attack originated from Hong Kong and China infrastructure.
6 articles tagged with "Azure"
Attackers exploited deprecated OAuth ROPC flow to bypass MFA, compromising 78 accounts across 64 organizations. Attack originated from Hong Kong and China infrastructure.
Threat actor PCPJack compromised 230 AWS, Azure, and Google Cloud servers to build a hidden email relay network. Hunt.io and SentinelOne researchers expose the operation.
New ConsentFix v3 attack automates Microsoft Azure OAuth credential theft using Pipedream webhooks and Cloudflare phishing pages. Pre-trusted apps bypass MFA entirely.
Silverfort researchers discover Microsoft's AI agent management role could be abused to take over arbitrary service principals in Entra ID tenants. Microsoft patched the privilege escalation flaw on April 9.
Microsoft Azure Kubernetes Service has a critical auth bypass (CVE-2026-33105) with a perfect CVSS 10.0 score. Unauthenticated attackers can escalate to cluster admin—patch now.
Check Point researchers expose a sophisticated cloud-native malware framework designed from the ground up to target AWS, Azure, GCP, and containerized environments.