A large brute-force attack utilizing nearly 2.8 million IP addresses daily has been ongoing since last month, targeting the credentials of various networking devices, according to Shadowserver. In a related development, Google has introduced a new security feature in Android 16 that prevents scammers from altering critical settings, such as installing apps from unknown sources, while users are on phone calls. This feature aims to combat the rising trend of telephone-oriented attack delivery (TOAD). Additionally, Microsoft reported that a suspected Russia-linked threat actor has been executing a campaign since August 2024, tricking users into completing a device code authentication flow for an attacker-controlled device. Furthermore, a notorious state-sponsored Chinese hacking group known as "RedMike" is reportedly targeting U.S. telecommunications companies by exploiting known vulnerabilities in Cisco devices. Microsoft also addressed two zero-day flaws among the 56 vulnerabilities in its February Patch Tuesday update.