Microsoft’s Security Update Guide lists CVE-2025-55243 as a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable an attacker to perform spoofing over a network, but key public mirrors and automated scrapers offer limited or inconsistent...
Microsoft is imposing a hard cap on outbound email sent from the shared onmicrosoft.com tenant namespace: mail from MOERA (Microsoft Online Email Routing Address) domains will be throttled to 100 external recipients per organization in any 24‑hour rolling window, with attempts beyond that...
Microsoft’s Exchange team has announced a sweeping, tenant-level restriction that will limit outbound email sent from the shared onmicrosoft.com namespace (MOERA — Microsoft Online Email Routing Address) to 100 external recipients per organization per 24‑hour rolling window, and the change comes...
Microsoft is moving to strictly limit outbound email sent from the shared .onmicrosoft.com tenant namespace — commonly called MOERA (Microsoft Online Email Routing Address) — introducing a hard cap that will throttle messages sent from onmicrosoft.com addresses to 100 external recipients per...
Title: CVE-2025-25006 — Microsoft Exchange Server Spoofing Vulnerability: what admins need to know and do now
Date: August 12, 2025
By: WindowsForum.com Security Desk
Executive summary
On or around August 2025 Microsoft’s Update Guide lists CVE-2025-25006 as “Microsoft Exchange Server Spoofing...
Threat actors have escalated their tactics by exploiting the Microsoft 365 Direct Send feature, fundamentally altering the landscape of email-based cyber attacks. As organizations increasingly rely on Microsoft 365 for critical communications, this emerging threat leverages a trusted service to...
Cybersecurity researchers have uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature to deliver internal-looking emails without authentication. This method allows attackers to bypass traditional email security measures, posing significant risks to...
Hackers are increasingly exploiting one of Microsoft 365’s lesser-known conveniences—Direct Send—to launch sophisticated phishing campaigns that closely mimic internal communications, putting even well-defended organizations at serious risk. As recent research from Varonis and corroborating...
In recent months, cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits Microsoft 365's "Direct Send" feature to impersonate internal users and bypass traditional email security measures. This technique has targeted over 70 organizations, primarily in the...
Sophisticated cybercriminals have recently demonstrated yet another way to exploit trust in internal communications—this time, by leveraging a Microsoft 365 feature originally intended for convenience. The Varonis Managed Data Detection and Response (MDDR) forensic team has uncovered a striking...
Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) in Microsoft 365 is a critical step toward enhancing email security by preventing domain spoofing and phishing attacks. However, the process is fraught with challenges that can complicate deployment and...
A recent analysis of 180 healthcare email breaches between January 1, 2024, and January 31, 2025, has unveiled significant cybersecurity vulnerabilities within the sector. The 2025 Healthcare Email Security Report by Paubox highlights that email remains the primary attack vector, leading to...