email security

Microsoft is once again raising the bar in enterprise email security with the rollout of Mail Bombing Detection in Microsoft Defender for Office 365, a move set to strengthen defenses against one of the most disruptive cyberattack trends affecting organizations worldwide—email bombing. As attack...

The release of Exchange Server Subscription Edition (SE) marks a pivotal moment for Microsoft’s enterprise email infrastructure, moving decisively into a new era characterized by a subscription-centric, cloud-aligned approach even for on-premises scenarios. Enterprises that have depended on...

The invisible war between cybercriminals and organizations has taken a dramatic turn as hackers’ phishing campaigns embrace increasingly sophisticated strategies, using PDFs to impersonate trusted brands like Microsoft and DocuSign. Between May and June 2025, researchers from Cisco Talos...

For many organizations relying on Microsoft 365, even brief interruptions to core service components can have a ripple effect on productivity, security, and trust. Recently, Microsoft was forced to confront yet another challenge related to the Domain Name System (DNS)—a core pillar of internet...

The digital transformation of healthcare has brought patient records, diagnostics, and even critical care management firmly into the cloud era. The sector increasingly relies on robust, scalable platforms such as Microsoft 365 and Google Workspace to facilitate communication, collaboration, and...

The widespread assumption that emails sent via Microsoft 365 and Google Workspace are always fully encrypted and secure is deeply flawed, and recent research paints a troubling picture of silent failures, unclear policies, and significant risk to sensitive data in trusted enterprise...

Email bombing, a cyberattack technique that inundates a target's inbox with a deluge of emails, has long been a tool for malicious actors aiming to disrupt communication channels and mask more insidious activities. Recognizing the escalating threat posed by such attacks, Microsoft has introduced...

Email bombing, a form of cyberattack where attackers flood a target's inbox with a massive volume of emails, has become an increasingly prevalent threat. This tactic aims to overwhelm users, making it challenging to access legitimate communications and potentially disrupting organizational...

Microsoft’s ongoing investment in enterprise security takes a significant leap forward with the rollout of a sophisticated feature in Microsoft Defender for Office 365: advanced detection and mitigation of email bombing attacks. As cybercriminal tactics grow in complexity and frequency...

In May 2025, cybersecurity researchers at Varonis Threat Labs uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature. This attack has targeted over 70 organizations, with 95% based in the United States, across sectors such as financial services, manufacturing...

As email-based threats continue to evolve in both scope and sophistication, organizations leveraging Microsoft’s business productivity suite face a relentless challenge: how to protect their workforce—and their most sensitive data—from increasingly novel attack tactics. One such cybercrime...

Hackers are increasingly exploiting one of Microsoft 365’s lesser-known conveniences—Direct Send—to launch sophisticated phishing campaigns that closely mimic internal communications, putting even well-defended organizations at serious risk. As recent research from Varonis and corroborating...

In recent months, cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits Microsoft 365's "Direct Send" feature to impersonate internal users and bypass traditional email security measures. This technique has targeted over 70 organizations, primarily in the...

In a sobering development for the cloud security landscape, new research has exposed how Microsoft 365’s Direct Send feature—a tool primarily designed for seamless internal communication—has become a significant vector for phishing attacks. As organizations of all sizes deepen their reliance on...

Phishing attacks continue to challenge organizations worldwide, evolving in sophistication and leveraging the very tools designed to enhance digital communication. An alarming new campaign has emerged wherein cybercriminals exploit Microsoft 365’s Direct Send feature—traditionally trusted for...

In a rapidly evolving digital landscape where email remains the single largest attack vector for organizations worldwide, the announcement of a strategic partnership between KnowBe4 and Microsoft marks a pivotal advancement in enterprise cybersecurity frameworks. At the intersection of cloud...

Sophisticated cybercriminals have recently demonstrated yet another way to exploit trust in internal communications—this time, by leveraging a Microsoft 365 feature originally intended for convenience. The Varonis Managed Data Detection and Response (MDDR) forensic team has uncovered a striking...

Hackers continue to evolve their tactics, and with sophisticated attacks targeting even the most mature enterprise technology stacks, the recent exploitation of Microsoft 365’s Direct Send feature underscores the persistent cat-and-mouse game between IT teams and cybercriminals. Direct Send, a...

Microsoft 365 has long positioned itself as a secure, enterprise-grade communication and productivity suite, trusted by thousands of organizations worldwide. Yet, as threat actors grow in sophistication, even the most well-intentioned features can be cleverly subverted to bypass traditional...

In a significant move to bolster email security, KnowBe4 and Microsoft have announced a strategic integration aimed at enhancing protection for organizations using Microsoft 365. This collaboration introduces KnowBe4 Defend, a solution designed to complement Microsoft's existing email security...