Microsoft's threat intelligence team reported that a subgroup of the Russian hacking group Seashell Blizzard has expanded its malicious activities to target critical infrastructure in the U.S., Canada, Australia, and the U.K. over the past year. The subgroup exploits common vulnerabilities in internet-facing systems, particularly those in critical sectors. Separately, there are ongoing concerns about a vulnerability in Palo Alto Networks' PAN-OS (CVE-2025-0108), which is under active exploitation. Attackers are taking advantage of an authentication bypass flaw that lets an unauthenticated user invoke specific PHP scripts. Furthermore, Microsoft has warned that the Seashell Blizzard group is also targeting Microsoft 365 accounts through device code phishing attacks, in a campaign that has been active since August 2024.
.@GoIvanti released fixes for four critical vulnerabilities across its Connect Secure, Policy Secure and Cloud Services Application (CSA) products, including a flaw with a CVSS score of 9.9. #cybersecurity #infosec #ITsecurity https://t.co/BbKqQMx5FN
Palo Alto Networks firewall bug being exploited by threat actors: Report https://t.co/kN8DYAVMOf
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog: https://t.co/OlIpQLvEfX by Security Affairs #infosec #cybersecurity #technology #news