Microsoft’s Security Update Guide lists CVE-2025-55243 as a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable an attacker to perform spoofing over a network, but key public mirrors and automated scrapers offer limited or inconsistent...
Microsoft is imposing a hard cap on outbound email sent from the shared onmicrosoft.com tenant namespace: mail from MOERA (Microsoft Online Email Routing Address) domains will be throttled to 100 external recipients per organization in any 24‑hour rolling window, with attempts beyond that...
Microsoft’s Exchange team has announced a sweeping, tenant-level restriction that will limit outbound email sent from the shared onmicrosoft.com namespace (MOERA — Microsoft Online Email Routing Address) to 100 external recipients per organization per 24‑hour rolling window, and the change comes...
Microsoft is moving to strictly limit outbound email sent from the shared .onmicrosoft.com tenant namespace — commonly called MOERA (Microsoft Online Email Routing Address) — introducing a hard cap that will throttle messages sent from onmicrosoft.com addresses to 100 external recipients per...
Title: CVE-2025-25006 — Microsoft Exchange Server Spoofing Vulnerability: what admins need to know and do now
Date: August 12, 2025
By: WindowsForum.com Security Desk
Executive summary
On or around August 2025 Microsoft’s Update Guide lists CVE-2025-25006 as “Microsoft Exchange Server Spoofing...
Threat actors have escalated their tactics by exploiting the Microsoft 365 Direct Send feature, fundamentally altering the landscape of email-based cyber attacks. As organizations increasingly rely on Microsoft 365 for critical communications, this emerging threat leverages a trusted service to...
Hackers are increasingly exploiting one of Microsoft 365’s lesser-known conveniences—Direct Send—to launch sophisticated phishing campaigns that closely mimic internal communications, putting even well-defended organizations at serious risk. As recent research from Varonis and corroborating...
Sophisticated cybercriminals have recently demonstrated yet another way to exploit trust in internal communications—this time, by leveraging a Microsoft 365 feature originally intended for convenience. The Varonis Managed Data Detection and Response (MDDR) forensic team has uncovered a striking...
Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) in Microsoft 365 is a critical step toward enhancing email security by preventing domain spoofing and phishing attacks. However, the process is fraught with challenges that can complicate deployment and...