Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
A password-spraying campaign exploiting Azure CLI’s legacy login system has breached at least 78 Microsoft accounts in a massive 81M+ attempt assault.
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
Coverage highlights the campaign’s scale—over 81 million login attempts—and the persistence of legacy authentication protocols in Azure environments, which attackers are exploiting. SecurityWeek, Cybernews, Security Affairs, and *The Hacker News* report the incident as a growing threat to cloud security, emphasizing the need for organizations to disable legacy authentication methods immediately. The attack leverages Azure CLI’s support for older authentication systems, which remain enabled in many corporate setups despite Microsoft’s push to modernize.
Microsoft has not yet issued a formal statement, but security firms urge affected organizations to audit CLI configurations and enforce multi-factor authentication (MFA) as a mitigation step. Watch for updates on Microsoft’s official response, including potential patches or guidance for Azure CLI users. Organizations using legacy authentication should prioritize disabling these methods to prevent further breaches.
Coverage may expand to include affected industries or additional compromised accounts as investigations progress.
Synthesized by headlinez.news from the headlines below under a strict no-invention contract. ✓ fact-checked: unsupported claims removed (78% supported) Updated just now.
Quick answers
What is a password-spraying attack?
A password-spraying attack involves testing a large number of common passwords across many accounts to bypass authentication systems, rather than targeting a single account with brute-force methods.
Why is Azure CLI vulnerable in this case?
The vulnerability stems from the continued use of legacy authentication protocols in Azure CLI, which attackers exploit to gain unauthorized access to accounts.
Has Microsoft commented on the breach?
As of now, coverage does not specify a formal statement from Microsoft, though security firms are advising immediate action to mitigate risks.
Coverage (4)
- Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs Security Affairs · 11h ago
- Massive password-spraying attack hits Microsoft Azure CLI, with legacy login still active at many orgs Cybernews · 11h ago
- Massive Password Spray Campaign Targeting Azure CLI SecurityWeek · 11h ago
- Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts The Hacker News · 11h ago
Topics
Related trends
Three AirDrop vulnerabilities discovered, with Apple working on a full fix
Security researchers have identified three vulnerabilities in AirDrop and Quick Share protocols affecting billions of mobile devices and laptops.
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
AI browsers are being exploited in a new attack that bypasses traditional security—leaking credentials without user awareness.
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
Zero-authentication SSH exploit code goes public, raising alarms in cybersecurity circles
Proton launches Lumo 2.0 with image generation, memory, private web search, more
Proton has released Lumo 2.0, introducing new AI capabilities including image generation, memory, and private web search features.
What’s new in Android’s June 2026 Google System Updates [U]
Google has deployed a comprehensive June 2026 system update for Android devices, addressing 124 security vulnerabilities and improving performance.
Apple iPhone 18 Pro supplier list, parts and photos exposed in Tata data leak
Tata Electronics has confirmed a data breach exposing sensitive details about the upcoming Apple iPhone 18 Pro, including supplier lists and component photos.