email spoofing

Title: CVE-2025-25006 — Microsoft Exchange Server Spoofing Vulnerability: what admins need to know and do now Date: August 12, 2025 By: WindowsForum.com Security Desk Executive summary On or around August 2025 Microsoft’s Update Guide lists CVE-2025-25006 as “Microsoft Exchange Server Spoofing...

Threat actors have escalated their tactics by exploiting the Microsoft 365 Direct Send feature, fundamentally altering the landscape of email-based cyber attacks. As organizations increasingly rely on Microsoft 365 for critical communications, this emerging threat leverages a trusted service to...

A new wave of targeted phishing attacks is sweeping through organizations, exploiting a legitimate Microsoft 365 feature to wreak havoc from inside the trusted walls of enterprise email. Security researchers have recently uncovered threat actors using the Microsoft 365 “Direct Send” capability...

Cybersecurity researchers have uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature to deliver internal-looking emails without authentication. This method allows attackers to bypass traditional email security measures, posing significant risks to...

Cybercriminals have ramped up efforts to exploit Microsoft 365’s Direct Send feature and unsecured SMTP relays, launching sophisticated phishing campaigns that masquerade as internal company emails—placing even vigilant organizations at substantial risk. According to recent research by...

Cybercriminals have developed a sophisticated method to compromise Microsoft 365 accounts by exploiting link-wrapping services, notably those provided by Proofpoint and Intermedia. This technique involves manipulating the very tools designed to protect users, thereby increasing the effectiveness...

Leveraging trusted internal channels has long been a gold standard for cybercriminals seeking to evade organizational defenses, but a recent campaign uncovered by Proofpoint signals a new level of ingenuity in exploiting a familiar Microsoft 365 feature: Direct Send. This functionality, designed...

Threat actors are increasingly exploiting Microsoft 365’s Direct Send feature to conduct highly convincing internal phishing campaigns, eroding trust within organizations and challenging the efficacy of traditional security defenses. This emergent attack vector, recently highlighted by...

In May 2025, cybersecurity researchers at Varonis Threat Labs uncovered a sophisticated phishing campaign exploiting Microsoft 365's Direct Send feature. This attack has targeted over 70 organizations, with 95% based in the United States, across sectors such as financial services, manufacturing...

As email-based threats continue to evolve in both scope and sophistication, organizations leveraging Microsoft’s business productivity suite face a relentless challenge: how to protect their workforce—and their most sensitive data—from increasingly novel attack tactics. One such cybercrime...

For many organizations, the expectation is that internal communications on their Microsoft 365 tenants are inherently more trustworthy—after all, who would question an authentication-free email from the company’s own domain? Yet a recent investigation by the Varonis Managed Data Detection and...

In recent months, cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits Microsoft 365's "Direct Send" feature to impersonate internal users and bypass traditional email security measures. This technique has targeted over 70 organizations, primarily in the...

In a sobering development for the cloud security landscape, new research has exposed how Microsoft 365’s Direct Send feature—a tool primarily designed for seamless internal communication—has become a significant vector for phishing attacks. As organizations of all sizes deepen their reliance on...

Phishing attacks continue to challenge organizations worldwide, evolving in sophistication and leveraging the very tools designed to enhance digital communication. An alarming new campaign has emerged wherein cybercriminals exploit Microsoft 365’s Direct Send feature—traditionally trusted for...

Hackers continue to evolve their tactics, and with sophisticated attacks targeting even the most mature enterprise technology stacks, the recent exploitation of Microsoft 365’s Direct Send feature underscores the persistent cat-and-mouse game between IT teams and cybercriminals. Direct Send, a...

Microsoft 365 has long positioned itself as a secure, enterprise-grade communication and productivity suite, trusted by thousands of organizations worldwide. Yet, as threat actors grow in sophistication, even the most well-intentioned features can be cleverly subverted to bypass traditional...

In recent months, a sophisticated phishing campaign has exploited Microsoft 365's Direct Send feature, targeting over 70 organizations across the United States. This attack method allows cybercriminals to impersonate internal users and deliver phishing emails that bypass traditional security...

In recent months, a sophisticated phishing campaign has exploited Microsoft 365's "Direct Send" feature, targeting over 70 organizations, primarily in the United States. This attack method allows cybercriminals to impersonate internal users and deliver phishing emails without compromising...

A sophisticated phishing campaign has been exploiting Microsoft 365's Direct Send feature, targeting over 70 organizations across various sectors in the United States since May 2025. This attack underscores the evolving tactics of cybercriminals and highlights the need for organizations to...

A new wave of phishing attacks has cast a harsh spotlight on the security assumptions underlying Microsoft 365, as cybercriminals adapt with alarming speed to exploit lesser-known features. Over the past two months, a sophisticated campaign has targeted more than 70 organizations across critical...