email authentication

Microsoft’s security portal lists CVE-2025-25007 as a Microsoft Exchange Server spoofing vulnerability caused by improper validation of syntactic correctness of input, but public technical detail and third‑party analysis for this specific CVE remain sparse at the time of publication —...

Threat actors have escalated their tactics by exploiting the Microsoft 365 Direct Send feature, fundamentally altering the landscape of email-based cyber attacks. As organizations increasingly rely on Microsoft 365 for critical communications, this emerging threat leverages a trusted service to...

A new wave of targeted phishing attacks is sweeping through organizations, exploiting a legitimate Microsoft 365 feature to wreak havoc from inside the trusted walls of enterprise email. Security researchers have recently uncovered threat actors using the Microsoft 365 “Direct Send” capability...

Cybersecurity researchers have uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature to deliver internal-looking emails without authentication. This method allows attackers to bypass traditional email security measures, posing significant risks to...

Cybercriminals have ramped up efforts to exploit Microsoft 365’s Direct Send feature and unsecured SMTP relays, launching sophisticated phishing campaigns that masquerade as internal company emails—placing even vigilant organizations at substantial risk. According to recent research by...

Leveraging trusted internal channels has long been a gold standard for cybercriminals seeking to evade organizational defenses, but a recent campaign uncovered by Proofpoint signals a new level of ingenuity in exploiting a familiar Microsoft 365 feature: Direct Send. This functionality, designed...

As cyber threats continue to evolve, organizations leveraging cloud-based productivity suites like Microsoft 365 face novel forms of attack that exploit the platform’s very architecture. Recently, security researchers unveiled a troubling trend: hackers are weaponizing Microsoft 365’s Direct...

Threat actors are increasingly exploiting Microsoft 365’s Direct Send feature to conduct highly convincing internal phishing campaigns, eroding trust within organizations and challenging the efficacy of traditional security defenses. This emergent attack vector, recently highlighted by...

In the digital era, seamless access to communication platforms is not just a convenience—it's a necessity. On the evening of July 9, 2025, this reality was starkly highlighted as millions worldwide found themselves abruptly cut off from one of the globe’s most relied-upon email services...

The digital transformation of healthcare has brought patient records, diagnostics, and even critical care management firmly into the cloud era. The sector increasingly relies on robust, scalable platforms such as Microsoft 365 and Google Workspace to facilitate communication, collaboration, and...

In May 2025, cybersecurity researchers at Varonis Threat Labs uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature. This attack has targeted over 70 organizations, with 95% based in the United States, across sectors such as financial services, manufacturing...

Hackers are increasingly exploiting one of Microsoft 365’s lesser-known conveniences—Direct Send—to launch sophisticated phishing campaigns that closely mimic internal communications, putting even well-defended organizations at serious risk. As recent research from Varonis and corroborating...

Hackers continue to evolve their tactics, and with sophisticated attacks targeting even the most mature enterprise technology stacks, the recent exploitation of Microsoft 365’s Direct Send feature underscores the persistent cat-and-mouse game between IT teams and cybercriminals. Direct Send, a...

In recent months, a sophisticated phishing campaign has exploited Microsoft 365's "Direct Send" feature, targeting over 70 organizations, primarily in the United States. This attack method allows cybercriminals to impersonate internal users and deliver phishing emails without compromising...

A sophisticated phishing campaign has been exploiting Microsoft 365's Direct Send feature, targeting over 70 organizations across various sectors in the United States since May 2025. This attack underscores the evolving tactics of cybercriminals and highlights the need for organizations to...

Few security challenges expose both the evolving sophistication of cybercriminal tactics and the unintended weaknesses of enterprise cloud platforms as starkly as the recent abuse of Microsoft 365’s “Direct Send” feature. In a rapidly intensifying phishing campaign discovered in May 2025, threat...

Microsoft has announced a significant update regarding the deprecation of Basic Authentication (Basic Auth) for Exchange Online's Client Submission (SMTP AUTH). Originally slated for permanent removal in September 2025, the timeline has been extended to begin on March 1, 2026, with complete...

Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) in Microsoft 365 is a critical step toward enhancing email security by preventing domain spoofing and phishing attacks. However, the process is fraught with challenges that can complicate deployment and...

In the rapidly evolving digital landscape, Microsoft 365 has become a cornerstone for organizational productivity, offering a suite of tools that facilitate communication, collaboration, and data management. However, its widespread adoption has also made it a prime target for cyber threats...

Microsoft business users are being alerted to a stealthy and sophisticated wave of attacks exploiting the trust built into official Microsoft 365 notifications. Leveraging the genuine “microsoft-noreply@microsoft.com” address, cybercriminals are injecting malicious content into transactional...