An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period.
A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
Starting in October, Microsoft will require multifactor authentication (MFA) for all Azure sign-ins. Microsoft said the policy change is in line with its current focus on enhancing digital security ...