SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug

Microsoft Entra User Lockout
Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believes that the password for the account was compromised.
https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/
https://learn.microsoft.com/en-us/entra/identity/authentication/feature-availability
Erlang/OTP SSH Exploit
An exploit was published for the Erlang/OTP SSH vulnerability. The vulnerability is easy to exploit, and the exploit and a Metasploit module allow for easy remote code execution.
https://github.com/exa-offsec/ssh_erlangotp_rce/blob/main/ssh_erlangotp_rce.rb
Sonicwall Exploited
An older command injection vulnerability is now exploited on Sonicwall devices after initially gaining access by brute-forcing credentials.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022
Unpatched Vulnerability in Bubble.io
An unpatched vulnerability in the no-code platform bubble.io can be used to access any project hosted on the site.
https://github.com/demon-i386/pop_n_bubble