The recent breach into Microsoft’s network and its top executives’ email by hackers, traced back to Russia-state group Midnight Blizzard, was facilitated through an outdated test account with administrative privileges. The hackers employed a technique called “password spraying” to exploit a weak credential and infiltrate the unprotected account. They compounded this access by creating a malicious app, granting it rights to every email on Microsoft’s Office 365 service.

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system