email phishing

A new wave of cyberattacks has exposed a dangerous flaw in trusted email security services, as hackers have successfully exploited protective link-wrapping features to orchestrate large-scale phishing campaigns targeting Microsoft 365 logins. By hijacking the mechanisms designed to keep users...

Cloudflare has issued a stark warning about a new and highly sophisticated wave of phishing attacks targeting Microsoft 365 users, drawing attention to a dangerous exploitation of a trusted email security feature: link wrapping. In recent weeks, both enterprise and consumer accounts have come...

Attackers have found a chillingly effective way to subvert defenses integrated into the heart of enterprise email security. According to new research from Cloudflare, threat actors are actively exploiting “link wrapping” services—offered by reputable vendors like Proofpoint and Intermedia—to...

In a rapidly evolving cybersecurity landscape, defenders continually play catch-up as threat actors devise innovative ways to evade detection, exploit trust, and steal sensitive information. A recent revelation by cybersecurity researchers highlights a sophisticated phishing campaign targeting...

Phishing attacks have evolved far beyond suspicious links in emails or obvious malware-laden attachments; today’s cybercriminals are engineering schemes that bypass even the most robust inbox filters, preying on the everyday habits and default settings trusted by countless Microsoft 365 and...

Hackers are increasingly exploiting one of Microsoft 365’s lesser-known conveniences—Direct Send—to launch sophisticated phishing campaigns that closely mimic internal communications, putting even well-defended organizations at serious risk. As recent research from Varonis and corroborating...

For many organizations, the expectation is that internal communications on their Microsoft 365 tenants are inherently more trustworthy—after all, who would question an authentication-free email from the company’s own domain? Yet a recent investigation by the Varonis Managed Data Detection and...

In recent months, cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits Microsoft 365's "Direct Send" feature to impersonate internal users and bypass traditional email security measures. This technique has targeted over 70 organizations, primarily in the...

Microsoft 365 has long positioned itself as a secure, enterprise-grade communication and productivity suite, trusted by thousands of organizations worldwide. Yet, as threat actors grow in sophistication, even the most well-intentioned features can be cleverly subverted to bypass traditional...

In a significant move to bolster email security, KnowBe4 and Microsoft have announced a strategic integration aimed at enhancing protection for organizations using Microsoft 365. This collaboration introduces KnowBe4 Defend, a solution designed to complement Microsoft's existing email security...

Microsoft has unveiled a new security feature within its Defender for Office 365 suite aimed at mitigating the rising threat of email bombing attacks. This feature, termed "Mail Bombing Detection," is designed to automatically identify and quarantine high-volume email flooding campaigns that...

In early 2025, a critical security vulnerability identified as CVE-2025-47176 was discovered in Microsoft Outlook, posing significant risks to users worldwide. This flaw allows authorized attackers to execute arbitrary code on a victim's system by exploiting a specific path traversal sequence...

A recent analysis of 180 healthcare email breaches between January 1, 2024, and January 31, 2025, has unveiled significant cybersecurity vulnerabilities within the sector. The 2025 Healthcare Email Security Report by Paubox highlights that email remains the primary attack vector, leading to...

The growing adoption of generative AI in the workplace has ushered in sweeping changes across industries, delivering newfound efficiencies and innovative capabilities. Yet, with each leap toward automation and intelligence, a parallel, shadowy world of cyber threats surges ahead. A recent...

In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...

Severity Rating: Moderate - Revision Note: V1.0 (August 9, 2011): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a...