Threat actors have escalated their tactics by exploiting the Microsoft 365 Direct Send feature, fundamentally altering the landscape of email-based cyber attacks. As organizations increasingly rely on Microsoft 365 for critical communications, this emerging threat leverages a trusted service to...
Cybersecurity researchers have uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature to deliver internal-looking emails without authentication. This method allows attackers to bypass traditional email security measures, posing significant risks to...
Cybercriminals have ramped up efforts to exploit Microsoft 365’s Direct Send feature and unsecured SMTP relays, launching sophisticated phishing campaigns that masquerade as internal company emails—placing even vigilant organizations at substantial risk. According to recent research by...
As cyber threats continue to evolve, organizations leveraging cloud-based productivity suites like Microsoft 365 face novel forms of attack that exploit the platform’s very architecture. Recently, security researchers unveiled a troubling trend: hackers are weaponizing Microsoft 365’s Direct...
Threat actors are increasingly exploiting Microsoft 365’s Direct Send feature to conduct highly convincing internal phishing campaigns, eroding trust within organizations and challenging the efficacy of traditional security defenses. This emergent attack vector, recently highlighted by...
In May 2025, cybersecurity researchers at Varonis Threat Labs uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature. This attack has targeted over 70 organizations, with 95% based in the United States, across sectors such as financial services, manufacturing...
Hackers are increasingly exploiting one of Microsoft 365’s lesser-known conveniences—Direct Send—to launch sophisticated phishing campaigns that closely mimic internal communications, putting even well-defended organizations at serious risk. As recent research from Varonis and corroborating...
In recent months, cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits Microsoft 365's "Direct Send" feature to impersonate internal users and bypass traditional email security measures. This technique has targeted over 70 organizations, primarily in the...
Hackers continue to evolve their tactics, and with sophisticated attacks targeting even the most mature enterprise technology stacks, the recent exploitation of Microsoft 365’s Direct Send feature underscores the persistent cat-and-mouse game between IT teams and cybercriminals. Direct Send, a...
Microsoft 365 has long positioned itself as a secure, enterprise-grade communication and productivity suite, trusted by thousands of organizations worldwide. Yet, as threat actors grow in sophistication, even the most well-intentioned features can be cleverly subverted to bypass traditional...
A new wave of phishing attacks has cast a harsh spotlight on the security assumptions underlying Microsoft 365, as cybercriminals adapt with alarming speed to exploit lesser-known features. Over the past two months, a sophisticated campaign has targeted more than 70 organizations across critical...
Few security challenges expose both the evolving sophistication of cybercriminal tactics and the unintended weaknesses of enterprise cloud platforms as starkly as the recent abuse of Microsoft 365’s “Direct Send” feature. In a rapidly intensifying phishing campaign discovered in May 2025, threat...