email security

A recent update to the classic Outlook desktop client triggered a high-impact interoperability bug that interrupted the handling of S/MIME-signed messages and Office Message Encryption (OME) protected email, producing confusing prompts and, in some cases, stripping digital signatures when...

Microsoft’s security team is celebrating a major analyst victory: Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security, a designation Microsoft says underscores the maturity and reach of Microsoft Defender for Office 365 as organizations wrestle with...

This morning’s inbox flood — five obvious spam messages slipping straight into the primary view of an Outlook user — is not an isolated annoyance. It’s a live demonstration of where Microsoft’s email stack still fails everyday people: spam and phishing still reach the inbox, user trust erodes...

Microsoft’s recent clarifications around Direct Send and the related protection options in Exchange Online change the way administrators should think about mail routing, tenant exposure, and the controls available to prevent spoofing and unwanted anonymous mail that appears to originate from...

Attaching files in Outlook is one of those everyday tasks that feels trivial until it goes wrong — a “file too large” error, a missing image in a sent message, or a recipient locked out of a OneDrive link can turn a five‑minute chore into a support ticket. This feature guide consolidates the...

Microsoft’s free Windows 10 upgrade became a vehicle for a crop of convincing phishing emails that delivered file‑encrypting ransomware disguised as a legitimate installer, according to security researchers — a reminder that major platform announcements instantly become social‑engineering boons...

Microsoft’s Security Update Guide lists CVE-2025-55243 as a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable an attacker to perform spoofing over a network, but key public mirrors and automated scrapers offer limited or inconsistent...

Microsoft has given a clear ultimatum to organizations still using the shared .onmicrosoft.com sending address: migrate to a verified custom domain or expect severe outbound throttling that will constrain external email to just 100 external recipients per organization in any 24‑hour rolling...

Microsoft is imposing a hard limit on outgoing email from free “.onmicrosoft.com” (MOERA) tenant domains to combat widespread abuse and protect delivery for legitimate Microsoft 365 customers, and the change — which takes effect in staged waves starting October 15, 2025 for trials — restricts...

Windows Live Mail’s built‑in spam controls — the Safety Options, Safe Senders/Recipients lists, Blocked Senders, international filters and message rules — can still give you effective inbox control, but only if you set them deliberately and understand their limits on modern Windows systems. This...

Microsoft’s security portal lists CVE-2025-25007 as a Microsoft Exchange Server spoofing vulnerability caused by improper validation of syntactic correctness of input, but public technical detail and third‑party analysis for this specific CVE remain sparse at the time of publication —...

A sweeping emergency order from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has intensified the cybersecurity spotlight on Microsoft Exchange, following the disclosure of a fresh and serious vulnerability. On August 7th, 2025, CISA issued Emergency Directive 25-02 in direct...

A new wave of highly sophisticated phishing scams has placed millions of Microsoft 365 users at increased risk, with recent campaigns focusing on colleges and universities such as Seton Hall. These scams exploit a deepening trust in digital communications and modern security tools, employing...

A new high-severity security vulnerability is causing alarm among businesses that utilize hybrid Microsoft Exchange deployments, as both Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) issue urgent advisories. This flaw—affecting Exchange Server 2016, 2019, and the...

Threat actors have escalated their tactics by exploiting the Microsoft 365 Direct Send feature, fundamentally altering the landscape of email-based cyber attacks. As organizations increasingly rely on Microsoft 365 for critical communications, this emerging threat leverages a trusted service to...

Microsoft has unveiled its new AI-powered Phishing Triage Agent within Microsoft Defender, now available in public preview, marking a significant evolution in the way organizations approach email threat detection and response. As cyber threats continue to escalate in complexity and volume...

A high-severity security vulnerability has emerged at the heart of countless enterprise communications: Microsoft has issued a warning about a flaw in hybrid Exchange Server deployments that could give cyber attackers undetected escalated access to Exchange Online—potentially undermining the...

Cybersecurity in the corporate realm now sits at the top of IT agendas for organizations of all sizes, as email remains the most common vector for threats like phishing, ransomware, and sophisticated malware attachments. Microsoft Exchange Online Protection (EOP) has long held dominance due to...

A critical security update has emerged for organizations leveraging Microsoft Exchange Server in hybrid cloud environments, as CVE-2025-53786 exposes a significant elevation of privilege vulnerability. On April 18th, 2025, Microsoft not only published important security changes for hybrid...

A new wave of targeted phishing attacks is sweeping through organizations, exploiting a legitimate Microsoft 365 feature to wreak havoc from inside the trusted walls of enterprise email. Security researchers have recently uncovered threat actors using the Microsoft 365 “Direct Send” capability...