All news with #password spraying tag

🔒 Kaspersky analyzed 231 million unique passwords leaked on dark‑web forums (2023–2026) and found that 60% can be cracked in under an hour, with 48% broken in less than a minute. The testing used a single RTX 5090 GPU against MD5 hashes, illustrating how rapidly cracking speeds are improving. The report identifies common human patterns—digits, years, predictable words and popular special characters—and warns that many users reuse unchanged passwords for years. It recommends practical defenses such as a password manager, passkeys, and strong two‑factor authentication.

🔐 Attackers increasingly rely on stolen credentials—via credential stuffing, password spraying and phishing—to gain immediate, low-noise access. Legitimate logins often evade detection, allowing adversaries to dump additional passwords, move laterally, and persist. The author warns that AI is accelerating these techniques and advocates a DAIR (Dynamic Approach to Incident Response) loop, plus clear communication and hands-on training to contain and remediate identity-based intrusions.

🔒 Specops compared two flagship AI accelerators, the Nvidia H200 and AMD MI300X, against the consumer RTX 5090 using Hashcat benchmarks for MD5, NTLM, bcrypt, SHA-256 and SHA-512. The RTX 5090 outperformed both AI GPUs across all tested algorithms, often by wide margins, meaning the expensive AI hardware does not translate to superior password-cracking performance. Price-to-performance was stark: the H200 costs at least ten times an RTX 5090 yet delivers lower hash rates. The practical risk remains weak or reused credentials; long passphrases, breached-password detection, and MFA are the recommended mitigations.

🔒 Check Point reports an ongoing Iran-nexus password-spraying campaign against Microsoft 365 tenants, primarily impacting Israel and the U.A.E. in three waves on March 3, 13 and 23, 2026. The actor employed Tor exit nodes and commercial VPN infrastructure (AS35758) and used tools and techniques resembling Gray Sandstorm to scan, attempt logins, and exfiltrate mailbox content. Organizations are advised to enforce MFA, apply conditional access by geography, and monitor sign-in and audit logs for signs of compromise.

🔒 Check Point Research identified an Iran-linked password-spraying campaign targeting Microsoft 365 cloud environments carried out in three waves on March 3, March 13, and March 23. The campaign primarily focused on Israel and the UAE, affecting more than 300 organizations in Israel and over 25 in the UAE. Activity tied to the same actor was also observed against a limited number of targets in Europe, the United States, the United Kingdom, and Saudi Arabia. These attempts seek account takeover and cloud footholds, highlighting the need for strengthened access controls and faster detection.

🔒 This concise guide explains fast, practical steps to recover a compromised online account and limit attacker control. It recommends a prioritized, timed response—contain the incident, secure access, and check for persistent compromises—emphasizing actions like change passwords, remove unauthorized forwarding, enable two-factor authentication, and revoke sessions from a known-clean device. The piece also covers device cleanup, notifying contacts and banks, and long-term protections such as password managers, authenticator apps, hardware keys and regular software updates.

🔐 Fortinet investigated recent reports of AI-assisted attacks and found no exploitation of FortiGate vulnerabilities; attackers instead exploited exposed management ports and weak single-factor credentials using automated password spraying. The novel concern is that conversational AI prompts and cloud resources can now automate target discovery, credential guessing, vulnerability assessment, and exploitation at scale with no coding required. Fortinet stresses defense-in-depth and rapid remediation.

🔐 Attackers often build highly effective password lists without AI by harvesting organization-specific language from public websites. Tools like CeWL crawl corporate pages to extract terms that users recognize, which attackers then mutate into plausible passwords. This technique explains guidance in NIST SP 800-63B and shows why blocking context-derived and breached passwords is essential.

🔐 Near-identical password reuse—small, predictable modifications to existing credentials—regularly bypasses standard complexity and password-history checks, creating a persistent attack vector even in well-managed environments. Attackers weaponize breached credential lists with automated transformations to infer updated passwords quickly. Users favor these tweaks because they are memorable and compliant on the surface. Implement continuous breach monitoring, similarity analysis, and centralized controls such as Specops Password Policy to detect and block overly similar replacements.

🔔 LastPass is warning users about an active phishing campaign observed from around January 19, 2026, that impersonates the service and urges users to create local backups within 24 hours to harvest master passwords. The messages route recipients through a staged AWS S3 URL that then redirects to a fraudulent domain (mail-lastpass[.]com) and originate from several spoofed support addresses. LastPass said it will never ask for master passwords and is working with partners to take down the malicious infrastructure while urging users to report suspicious messages.

🔐 Two 2025 analyses by NordPass and Comparitech show that simple numeric strings like '123456' continue to dominate leaked password lists worldwide. Across 44 countries, 25% of the top 1,000 passwords are purely numeric, while predictable entries such as 'admin', '12345678' and '12345' remain widespread, including in the US and UK. Security advice is clear: change weak or reused passwords, use a reputable password manager, and enable two‑factor authentication or passkeys to reduce account takeover risk. Organizations should combine technical controls with user training to mitigate large‑scale exposure.

🔐 An automated password-spraying campaign is targeting multiple VPN platforms, with credential-based attacks observed against Palo Alto Networks GlobalProtect portals and Cisco SSL VPN gateways. GreyNoise recorded login attempts peaking at 1.7 million over 16 hours from more than 10,000 unique IPs, largely originating from the 3xK GmbH hosting space. The actor reused common username/password combinations and used an unusual Firefox user agent, indicating scripted credential probing rather than exploitation. Administrators are advised to enforce strong passwords, enable MFA, audit appliances, and block known malicious IPs.

🔒 In January 2024, Russian attackers bypassed layered defenses at Microsoft, underscoring that passwords remain a primary attack vector in complex IT environments. The article identifies frequent failure points such as forgotten legacy accounts and predictable user patterns, and recommends adaptive controls: advanced banned password lists, nuanced rotation policies, long memorable passphrases, and risk-based authentication. It also advises a staged rollout with user education, clear KPIs, and practical self-service resets, and highlights Specops Password Policy as a tool that scans Active Directory against billions of compromised passwords.

🔒 Intrinsec reports that Ukraine-based autonomous system FDN3 (AS211736) conducted widespread brute-force and password-spraying campaigns targeting SSL VPN and RDP endpoints between June and July 2025, with activity peaking July 6–8. The firm links FDN3 to two other Ukrainian ASes (AS61432, AS210950) and a Seychelles operator (AS210848) that frequently exchange IPv4 prefixes to evade blocklisting. Intrinsec highlights ties to bulletproof hosting providers and a Russian-associated Alex Host LLC, stressing that offshore peering arrangements complicate attribution and takedown efforts.