Today’s cybersecurity news highlights a surge in sophisticated phishing campaigns targeting Microsoft 365 users, alongside alarming hardware vulnerabilities and new international efforts to combat online scams. Organisations face growing challenges from state-aligned threat groups and criminal networks exploiting both software and firmware weaknesses. Meanwhile, strategic partnerships are evolving to bolster cloud and AI security.
Microsoft 365 Under Siege: Phishing and Account Takeovers
Several reports have emerged detailing an intense wave of attacks against Microsoft 365 accounts, primarily leveraging OAuth device code phishing techniques. Multiple threat actors are exploiting the OAuth device code authorization mechanism to gain unauthorised access, making these attacks particularly insidious and difficult to detect.
Nigeria Arrests Raccoon0365 Developer
In a significant law enforcement action, Nigerian authorities arrested three individuals linked to the development and deployment of the Raccoon0365 phishing-as-a-service platform. This platform is notorious for facilitating targeted Microsoft 365 cyberattacks, underscoring the growing criminal infrastructure behind these campaigns.
Russia-Linked Hackers Exploit Device Code Phishing
In parallel, a Russia-aligned group tracked as UNK_AcademicFlare by cybersecurity firm Proofpoint has been conducting ongoing phishing campaigns since September 2025. They use device code authentication workflows to steal credentials and conduct account takeover attacks, particularly targeting government entities. This highlights the persistent threat posed by nation-state actors leveraging sophisticated phishing tactics.
What This Means for Security Teams
For security professionals and business leaders, these developments emphasise the critical need for robust multi-factor authentication (MFA) methods that go beyond OAuth device codes, continuous monitoring for suspicious authentication flows, and user education to recognise phishing attempts. Organisations relying heavily on Microsoft 365 services must prioritise these defensive measures to mitigate account compromise risks.
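One way to put the "continuous monitoring for suspicious authentication flows" recommendation into practice, as an added example that is not part of the original article: a small Python detection run over constructed Microsoft Entra ID sign-in records. It flags every successful device code sign-in and raises the severity when the sign-in arrives from a country the user has never used with any other flow, which is the pattern a remote attacker completing a phished device code produces. The field name `authenticationProtocol` and its value `deviceCode` come from the Entra sign-in log schema; the records, IP addresses and `example.gov` accounts are constructed.

```python
import json

# Constructed sample Microsoft Entra ID sign-in records (not real log data).
# Field names follow the Entra sign-in log schema; the device code flow is
# recorded as authenticationProtocol == "deviceCode". errorCode 0 = success.
SAMPLE_SIGNINS_JSON = """[
 {"userPrincipalName":"alice@example.gov","authenticationProtocol":"authorizationCodeFlow","ipAddress":"198.51.100.7","location":{"countryOrRegion":"GB"},"status":{"errorCode":0}},
 {"userPrincipalName":"alice@example.gov","authenticationProtocol":"authorizationCodeFlow","ipAddress":"198.51.100.7","location":{"countryOrRegion":"GB"},"status":{"errorCode":0}},
 {"userPrincipalName":"alice@example.gov","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.44","location":{"countryOrRegion":"RU"},"status":{"errorCode":0}},
 {"userPrincipalName":"bob@example.gov","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.22","location":{"countryOrRegion":"GB"},"status":{"errorCode":0}},
 {"userPrincipalName":"carol@example.gov","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.9","location":{"countryOrRegion":"NL"},"status":{"errorCode":50126}}
]"""

def load_sample():
    """Parse the constructed sample records above."""
    return json.loads(SAMPLE_SIGNINS_JSON)

def user_baselines(records):
    """Countries each user has signed in from via flows other than device code."""
    baseline = {}
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            baseline.setdefault(r["userPrincipalName"], set()).add(r["location"]["countryOrRegion"])
    return baseline

def detect_device_code_abuse(records):
    """One finding per successful device code sign-in, with a severity.

    HIGH:   success from a country absent from the user's non-device-code baseline
            (the attacker redeems the code from their own network after the victim
            enters it on the legitimate Microsoft page).
    MEDIUM: success from a baseline country, or a user with no baseline at all;
            still worth review because device code flow is rare for interactive users.
    Failed attempts (non-zero errorCode) are skipped.
    """
    baseline = user_baselines(records)
    findings = []
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode" or r["status"]["errorCode"] != 0:
            continue
        upn, country = r["userPrincipalName"], r["location"]["countryOrRegion"]
        known = baseline.get(upn)
        severity = "HIGH" if known and country not in known else "MEDIUM"
        findings.append({"user": upn, "ip": r["ipAddress"], "country": country, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in detect_device_code_abuse(load_sample()):
        print(f"{f['severity']:6} {f['user']} from {f['ip']} ({f['country']})")
```

In a real deployment the baseline would be built from a longer history window than the batch being scored, and the same logic ports directly to a KQL query over the SigninLogs table.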
Hardware Vulnerabilities: UEFI Flaws in Popular Motherboards
A newly disclosed vulnerability affects the UEFI firmware implementations in motherboards from ASUS, Gigabyte, MSI, and ASRock. This flaw enables direct memory access (DMA) attacks that can bypass early-boot memory protections, potentially allowing attackers to execute pre-boot code and compromise systems at a fundamental level.
This vulnerability is especially concerning because it targets firmware, which is updated and monitored far less frequently than software. Security teams must ensure that firmware updates are applied promptly and consider additional hardware-level protections where possible.
Emerging Threat Groups and Regional Cybersecurity Initiatives
LongNosedGoblin Targets Asian Governments
A new China-aligned advanced persistent threat (APT) group named LongNosedGoblin has been detected deploying Group Policy abuse techniques to infiltrate government networks across Southeast Asia and Japan. This campaign exemplifies the continued geopolitical dimension of cyber-espionage and the importance of threat intelligence sharing.
Thailand Conference Launches International Anti-Scam Initiative
Regional cooperation is stepping up with a new international initiative, launched at a conference in Thailand, aimed at combating online scams. This builds on prior commitments by the Association of Southeast Asian Nations (ASEAN) to disrupt scam networks, reflecting a growing recognition that cross-border collaboration is necessary to tackle cybercrime.
Other Noteworthy Developments
- Cisco VPN and Email Services Attacked: Cisco faced two distinct threat campaigns within days—a sophisticated, high-severity attack and a broad spray-and-pray assault—highlighting persistent targeting of critical networking and communication infrastructure.
- Microsoft Teams Service Disruption: Thousands of users experienced delayed messaging on Microsoft Teams, underscoring the risks of reliance on cloud collaboration platforms and the need for contingency planning.
- Strategic AI and Cloud Security Partnership: Palo Alto Networks and Google Cloud announced a multibillion-dollar deal to enhance AI and cloud security capabilities, integrating cutting-edge AI models into Palo Alto’s security offerings.
Key Takeaways
- Microsoft 365 remains a prime target for phishing campaigns using OAuth device code workflows, demanding enhanced authentication and user awareness.
- Firmware vulnerabilities in widely used motherboards expose organisations to sophisticated pre-boot attacks; timely patching is critical.
- State-aligned threat actors continue to exploit geopolitical tensions, with APT groups targeting government networks in Asia.
- International collaboration is intensifying to combat online scams, especially in Southeast Asia.
- High-profile service disruptions and targeted attacks on infrastructure providers like Cisco and Microsoft highlight the ongoing threat to critical communication tools.
- Strategic partnerships combining AI and cloud security signal evolving approaches to cybersecurity defence.
Security teams and business leaders should stay vigilant, prioritise patch management, strengthen identity and access controls, and foster international cooperation to effectively manage these evolving threats.