• About
  • Advertise
  • Privacy & Policy
  • Contact
Vidianews
  • Home
  • Entertainment
    • All
    • Gaming
    • Movie
    onimusha:-way-of-the-sword-release-date-pushed-back-to-avoid-gta-6-rush

    Onimusha: Way of the Sword release date pushed back to avoid GTA 6 rush

    watch-taylor-swift’s-wedding-planning-live-outside-of-msg

    Watch Taylor Swift’s Wedding Planning Live Outside of MSG

    three-women-face-charges-after-alleged-‘free-karmelo’-assault-in-texas

    Three women face charges after alleged ‘Free Karmelo’ assault in Texas

    Free PlayStation Plus officially available until July 5

    J.

    we’re-‘one-step-closer’-to-the-death-of-physical-games,-analysts-say

    We’re ‘one Step Closer’ To The Death Of Physical Games, Analysts Say

  • Sports
  • Tech
    • All
    • Gadget
    • Startup
    81-million-login-attempts-have-hit-microsoft-365-accounts-as-hackers-attempt-to-password-spray-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication.

    81 million login attempts have hit Microsoft 365 accounts as hackers attempt to password-spray to force entry using stolen credentials and OAuth to bypass authentication.

    ‘

    ‘

    Your AI Glossary: ​​54 Terms Everyone Should Know

    new-survey-links-social-media-and-chatbots-to-the-spread-of-vaccine-misinformation

    New survey links social media and chatbots to the spread of vaccine misinformation

    power-anywhere-with-the-best-travel-adapters

    Power Anywhere with the Best Travel Adapters

    ai-for-cement-and-concrete:-gcca-innovandi-open-challenge-2026

    AI for cement and concrete: GCCA Innovandi Open Challenge 2026

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
  • Lifestyle
    • All
    • Faith
    • Health
    • Travel
    getting-around-in-mykonos:-why-transport-spoils-trips-more-than-anything-else

    Getting around in Mykonos: why transport spoils trips more than anything else

    fda-approves-first-neurostimulation-device-for-ptsd-–-medcity-news

    FDA Approves First Neurostimulation Device for PTSD – MedCity News

    how-god-can-resurrect-your-past-and-create-a-beautiful-future

    How God Can Resurrect Your Past and Create a Beautiful Future

    what-separates-a-quality-pre-roll-from-a-mediocre-one-–-social-lifestyle-magazine

    What separates a quality pre-roll from a mediocre one – Social Lifestyle Magazine

    this-blueberry-cornmeal-cake-tastes-like-summer-in-every-bite

    This Blueberry Cornmeal Cake Tastes Like Summer in Every Bite

    merriweather-lakehouse-hotel:-the-ultimate-summer-getaway-in-maryland-|-live-better

    Merriweather Lakehouse Hotel: The Ultimate Summer Getaway In Maryland | Live Better

    Trending Tags

    • Golden Globes
    • Game of Thrones
    • MotoGP 2017
    • eSports
    • Fashion Week
  • News
    • All
    • Business
    • Science

    🔴 Ukraine live: Russian missiles and drones kill residents and destroy buildings in massive attack on kyiv

    oil-prices-poised-for-fourth-straight-weekly-loss-as-trump-sees-progress-in-us-iran-talks

    Oil prices poised for fourth straight weekly loss as Trump sees progress in US-Iran talks

    june-jobs-report-expected-to-show-steady-hiring,-but-economists-see-many-warning-signs

    June jobs report expected to show steady hiring, but economists see many warning signs

    russia-launches-deadly-large-scale-missile-strikes-on-kyiv

    Russia launches deadly large-scale missile strikes on Kyiv

    smuggler-convicted-in-france-and-discovered-by-bbc-living-in-uk-and-seeking-asylum

    Smuggler convicted in France and discovered by BBC living in UK and seeking asylum

    ‘Two weeks after his death, I received a call’: Gaza patients face agonizing delays in evacuation

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Business
  • Politics
  • World
  • Review

    Facebook’s Dream Hire, Former British Deputy Prime Minister Nick Clegg, Gets Off to a Bad Start

    The iPhone Ultra is expected to launch in a white color; May feature vapor chamber cooling

    Elon Musk scaled back his dreams of ending climate change

    Apple’s Ray-Ban Meta Rivaling smart glasses reportedly delayed until next year; Vision Air will launch in 2029

    US-China trade war turns into tech war

    Oura Ring 4 Review: An Always-On Solution for Effective Health Monitoring

No Result
View All Result
  • Home
  • Entertainment
    • All
    • Gaming
    • Movie
    onimusha:-way-of-the-sword-release-date-pushed-back-to-avoid-gta-6-rush

    Onimusha: Way of the Sword release date pushed back to avoid GTA 6 rush

    watch-taylor-swift’s-wedding-planning-live-outside-of-msg

    Watch Taylor Swift’s Wedding Planning Live Outside of MSG

    three-women-face-charges-after-alleged-‘free-karmelo’-assault-in-texas

    Three women face charges after alleged ‘Free Karmelo’ assault in Texas

    Free PlayStation Plus officially available until July 5

    J.

    we’re-‘one-step-closer’-to-the-death-of-physical-games,-analysts-say

    We’re ‘one Step Closer’ To The Death Of Physical Games, Analysts Say

  • Sports
  • Tech
    • All
    • Gadget
    • Startup
    81-million-login-attempts-have-hit-microsoft-365-accounts-as-hackers-attempt-to-password-spray-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication.

    81 million login attempts have hit Microsoft 365 accounts as hackers attempt to password-spray to force entry using stolen credentials and OAuth to bypass authentication.

    ‘

    ‘

    Your AI Glossary: ​​54 Terms Everyone Should Know

    new-survey-links-social-media-and-chatbots-to-the-spread-of-vaccine-misinformation

    New survey links social media and chatbots to the spread of vaccine misinformation

    power-anywhere-with-the-best-travel-adapters

    Power Anywhere with the Best Travel Adapters

    ai-for-cement-and-concrete:-gcca-innovandi-open-challenge-2026

    AI for cement and concrete: GCCA Innovandi Open Challenge 2026

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
  • Lifestyle
    • All
    • Faith
    • Health
    • Travel
    getting-around-in-mykonos:-why-transport-spoils-trips-more-than-anything-else

    Getting around in Mykonos: why transport spoils trips more than anything else

    fda-approves-first-neurostimulation-device-for-ptsd-–-medcity-news

    FDA Approves First Neurostimulation Device for PTSD – MedCity News

    how-god-can-resurrect-your-past-and-create-a-beautiful-future

    How God Can Resurrect Your Past and Create a Beautiful Future

    what-separates-a-quality-pre-roll-from-a-mediocre-one-–-social-lifestyle-magazine

    What separates a quality pre-roll from a mediocre one – Social Lifestyle Magazine

    this-blueberry-cornmeal-cake-tastes-like-summer-in-every-bite

    This Blueberry Cornmeal Cake Tastes Like Summer in Every Bite

    merriweather-lakehouse-hotel:-the-ultimate-summer-getaway-in-maryland-|-live-better

    Merriweather Lakehouse Hotel: The Ultimate Summer Getaway In Maryland | Live Better

    Trending Tags

    • Golden Globes
    • Game of Thrones
    • MotoGP 2017
    • eSports
    • Fashion Week
  • News
    • All
    • Business
    • Science

    🔴 Ukraine live: Russian missiles and drones kill residents and destroy buildings in massive attack on kyiv

    oil-prices-poised-for-fourth-straight-weekly-loss-as-trump-sees-progress-in-us-iran-talks

    Oil prices poised for fourth straight weekly loss as Trump sees progress in US-Iran talks

    june-jobs-report-expected-to-show-steady-hiring,-but-economists-see-many-warning-signs

    June jobs report expected to show steady hiring, but economists see many warning signs

    russia-launches-deadly-large-scale-missile-strikes-on-kyiv

    Russia launches deadly large-scale missile strikes on Kyiv

    smuggler-convicted-in-france-and-discovered-by-bbc-living-in-uk-and-seeking-asylum

    Smuggler convicted in France and discovered by BBC living in UK and seeking asylum

    ‘Two weeks after his death, I received a call’: Gaza patients face agonizing delays in evacuation

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Business
  • Politics
  • World
  • Review

    Facebook’s Dream Hire, Former British Deputy Prime Minister Nick Clegg, Gets Off to a Bad Start

    The iPhone Ultra is expected to launch in a white color; May feature vapor chamber cooling

    Elon Musk scaled back his dreams of ending climate change

    Apple’s Ray-Ban Meta Rivaling smart glasses reportedly delayed until next year; Vision Air will launch in 2029

    US-China trade war turns into tech war

    Oura Ring 4 Review: An Always-On Solution for Effective Health Monitoring

No Result
View All Result
Vidianews
No Result
View All Result
Home Tech

81 million login attempts have hit Microsoft 365 accounts as hackers attempt to password-spray to force entry using stolen credentials and OAuth to bypass authentication.

Ivan Mehta by Ivan Mehta
July 2, 2026
in Tech
0
81-million-login-attempts-have-hit-microsoft-365-accounts-as-hackers-attempt-to-password-spray-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication.

81 million login attempts have hit Microsoft 365 accounts as hackers attempt to password-spray to force entry using stolen credentials and OAuth to bypass authentication.

0
SHARES
0
VIEWS
Share on FacebookShare on Twitter
Microsoft 365
(Image credit: Microsoft)

  • Password spray attack successfully breached Microsoft 365 accounts
  • Hackers have abused misconfigured conditional access policies to bypass MFA.
  • Many targeted organizations had not implemented MFA

Hackers used previously leaked credentials to target Microsoft 365 accounts in a password spraying attack that resulted in more than 81 million login attempts over a two-week period.

The attackers then abused poorly implemented conditional access policies in the Resource Owner Credentials (ROPC) OAuth mechanism using the Azure command line interface (CLI), allowing attackers to completely bypass authentication when a matching username and password were discovered.

Cybersecurity firm Huntress observed the attack campaign as it targeted customers and noted that 78 Microsoft accounts across 64 organizations were compromised between June 12 and 26, 2026.

Hackers access 365 accounts without authentication

The success of the attack ultimately depends on how organizations have implemented conditional access policies related to multi-factor authentication.

“Many compromised companies had implemented multi-factor authentication (MFA) via a conditional access policy (CAP), but the MFA was not configured to cover this specific flow used by the attackers,” Huntress explained, referring to ROPC exploitation.

“ROPC is considered problematic for several reasons, but one of those reasons is that it does not offer support for modern authentication flows like MFA or SSO. This means, as we saw in this campaign, ROPC sends the password directly to the /token endpoint without an interactive MFA prompt.”

Several of the organizations that were breached did not enforce an MFA policy at all, while others only enforce MFA on specific user groups such as administrators. In other cases, a connection attempt required MFA only when the traffic came from an untrusted location, meaning that MFA was not enforced if the connection came from a trusted IP address. Additionally, some organizations had only applied MFA in a reporting mode only, meaning that MFA policies were never actually applied.

Sign up for the TechRadar Pro newsletter to get all the top news, opinions, features and tips your business needs to succeed!

To protect against attacks of this type, Huntress has recommended the following mitigation measures:

  • Organizations should implement MFA for all users, all cloud applications, and all types of client applications.
  • Use of the Azure CLI application should be restricted to non-admin users.
  • The attack response should be based on the validity of credentials, rather than spray volume.

Via BeepComputer


Google logo on black background next to the text “Click to follow TechRadar”

Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.


Benedict is a senior security editor at TechRadar Pro, where he specializes in covering the intersection of geopolitics, cyber warfare and enterprise security.

Benedict provides in-depth analysis of state-sponsored threat actors, APT groups, and critical national infrastructure protection, his reports bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds a Masters (Distinction) in Security, Intelligence and Diplomacy from the University of Buckingham Center for Security and Intelligence Studies (BUCSIS), his specialization providing him with a strong academic framework for deconstructing complex international conflicts and intelligence operations, as well as the ability to translate complex security data into actionable insights.

Related

Ivan Mehta

Ivan Mehta

Stay Connected

  • 99 Subscribers
  • Trending
  • Comments
  • Latest
european-markets-in-mixed-territory-after-a-positive-start

European markets in mixed territory after a positive start

January 26, 2026
how-to-remove-blood-from-clothes:-what-actually-works-|-live-better

How To Remove Blood From Clothes: What Actually Works | Live Better

April 17, 2026
12-sweet-feminine-aesthetic-outfits-for-the-summer-season

12 Sweet Feminine Aesthetic Outfits for the Summer Season

March 13, 2026
how-to-remove-grease-from-clothes:-4-tested-methods-|-live-better

How To Remove Grease From Clothes: 4 Tested Methods | Live Better

April 18, 2026
hansmaker-presents-the-d1-ultra:-a-dual-laser-engraver-designed-for-each-material-–-techenger

Hansmaker presents the D1 Ultra: a dual laser engraver designed for each material – Techenger

0
nascar-driver-denny-hamlin-breaks-silence-after-father-dies-in-house-fire

NASCAR driver Denny Hamlin breaks silence after father dies in house fire

0
fivio-foreign-checks-himself-into-a-$10,000-rehab-center-to-get-his-mind-straight

Fivio Foreign checks himself into a $10,000 rehab center to get his mind straight

0
david-beckham-leaves-brooklyn-for-his-2025-instagram-tribute-amid-family-feud

David Beckham leaves Brooklyn for his 2025 Instagram tribute amid family feud

0
onimusha:-way-of-the-sword-release-date-pushed-back-to-avoid-gta-6-rush

Onimusha: Way of the Sword release date pushed back to avoid GTA 6 rush

July 2, 2026
81-million-login-attempts-have-hit-microsoft-365-accounts-as-hackers-attempt-to-password-spray-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication.

81 million login attempts have hit Microsoft 365 accounts as hackers attempt to password-spray to force entry using stolen credentials and OAuth to bypass authentication.

July 2, 2026
‘

‘

July 2, 2026

Your AI Glossary: ​​54 Terms Everyone Should Know

July 2, 2026

Recent News

onimusha:-way-of-the-sword-release-date-pushed-back-to-avoid-gta-6-rush

Onimusha: Way of the Sword release date pushed back to avoid GTA 6 rush

July 2, 2026
81-million-login-attempts-have-hit-microsoft-365-accounts-as-hackers-attempt-to-password-spray-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication.

81 million login attempts have hit Microsoft 365 accounts as hackers attempt to password-spray to force entry using stolen credentials and OAuth to bypass authentication.

July 2, 2026
‘

‘

July 2, 2026

Your AI Glossary: ​​54 Terms Everyone Should Know

July 2, 2026
Vidianews

Trusted news coverage delivering accurate reporting, breaking headlines, and insightful analysis on global events, business, politics, and tech.

Follow Us

Browse by Category

  • Business
  • Entertainment
  • Faith
  • Gadget
  • Gaming
  • General
  • Health
  • Lifestyle
  • Movie
  • News
  • Politics
  • Review
  • Science
  • Sports
  • Startup
  • Tech
  • Travel
  • World

Recent News

onimusha:-way-of-the-sword-release-date-pushed-back-to-avoid-gta-6-rush

Onimusha: Way of the Sword release date pushed back to avoid GTA 6 rush

July 2, 2026
81-million-login-attempts-have-hit-microsoft-365-accounts-as-hackers-attempt-to-password-spray-to-force-entry-using-stolen-credentials-and-oauth-to-bypass-authentication.

81 million login attempts have hit Microsoft 365 accounts as hackers attempt to password-spray to force entry using stolen credentials and OAuth to bypass authentication.

July 2, 2026
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© © Copyrights 2026 Vidianews. All Rights Reserved. Designed by Vidianews

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result

© © Copyrights 2026 Vidianews. All Rights Reserved. Designed by Vidianews

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version