A Chinese botnet has launched extensive cyberattacks against Microsoft 365 accounts, utilizing a method that bypasses multi-factor authentication (MFA). This massive botnet, reportedly composed of over 130,000 compromised devices, has been conducting large-scale password spraying attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed the exploitation of critical vulnerabilities affecting Microsoft’s partner program website. Additionally, CISA has added vulnerabilities related to Microsoft Partner Center and Synacor Zimbra Collaboration Suite to its Known Exploited Vulnerabilities catalog, indicating active exploitation. In a related development, a new Linux malware named 'Auto-Color' is targeting universities and government organizations, employing advanced tactics to evade detection and grant hackers remote access to compromised systems. Another botnet, PolarEdge, is also exploiting vulnerabilities in Cisco, ASUS, QNAP, and Synology devices, with over 2,000 devices already compromised.