phishing

Cybercriminals have developed a sophisticated method to compromise Microsoft 365 accounts by exploiting link-wrapping services, notably those provided by Proofpoint and Intermedia. This technique involves manipulating the very tools designed to protect users, thereby increasing the effectiveness...

A new wave of cyberattacks has exposed a dangerous flaw in trusted email security services, as hackers have successfully exploited protective link-wrapping features to orchestrate large-scale phishing campaigns targeting Microsoft 365 logins. By hijacking the mechanisms designed to keep users...

Cloudflare has issued a stark warning about a new and highly sophisticated wave of phishing attacks targeting Microsoft 365 users, drawing attention to a dangerous exploitation of a trusted email security feature: link wrapping. In recent weeks, both enterprise and consumer accounts have come...

A wave of highly sophisticated phishing attacks has put Microsoft 365 users—and the very foundations of modern email security—at risk, exposing a perilous paradox: the same technologies designed to protect cloud productivity platforms are now being systematically exploited to facilitate...

A sophisticated phishing campaign exploiting trusted email security tools has rattled the cybersecurity landscape, exposing a dismally clever strategy that turns protective mechanisms into attack vectors. Between June and July 2025, researchers at Cloudflare uncovered an operation wherein...

Attackers have found a chillingly effective way to subvert defenses integrated into the heart of enterprise email security. According to new research from Cloudflare, threat actors are actively exploiting “link wrapping” services—offered by reputable vendors like Proofpoint and Intermedia—to...

Cybercriminals are once again redefining the threat landscape, this time by exploiting trusted email security mechanisms to compromise Microsoft 365 accounts. In a sophisticated new campaign, threat actors have weaponized link-wrapping services—previously considered pillars of safe email...

Microsoft has introduced passkeys as a new verification method for user accounts, allowing sign-ins using facial recognition, fingerprints, or device PINs. This feature is compatible across Windows, Apple, and Google platforms. Passkeys utilize cryptographic key pairs, with one key stored on the...

Cybercriminals have once again proven their adaptability by leveraging trusted technology—from cybersecurity companies themselves—to bypass email defenses and target Microsoft 365 users. In a revealing discovery, threat actors have been exploiting link-wrapping services from well-known vendors...

Leveraging trusted internal channels has long been a gold standard for cybercriminals seeking to evade organizational defenses, but a recent campaign uncovered by Proofpoint signals a new level of ingenuity in exploiting a familiar Microsoft 365 feature: Direct Send. This functionality, designed...

Threat actors are increasingly exploiting Microsoft 365’s Direct Send feature to conduct highly convincing internal phishing campaigns, eroding trust within organizations and challenging the efficacy of traditional security defenses. This emergent attack vector, recently highlighted by...

As cyber threats continue to evolve, organizations leveraging cloud-based productivity suites like Microsoft 365 face novel forms of attack that exploit the platform’s very architecture. Recently, security researchers unveiled a troubling trend: hackers are weaponizing Microsoft 365’s Direct...

In the ever-evolving landscape of cybersecurity, email remains a primary vector for attacks such as phishing, malware, and business email compromise (BEC). To bolster defenses, organizations often deploy a combination of native security solutions and third-party tools. Microsoft Defender for...

The evolution of phishing campaigns in the cloud era has introduced a new breed of attacks that are increasingly hard to spot, even for seasoned security professionals. Among these, a recent campaign targeting Microsoft 365 logins stands out for its cunning use of Microsoft OAuth applications...

Phishing campaigns continue to evolve, adapting to security systems and adopting new tactics to dupe even vigilant users. Recent findings have uncovered a sophisticated Microsoft MFA phishing scheme that leverages the OAuth authorization framework—specifically, Microsoft OAuth applications—to...

Threat actors in 2025 have harnessed a new caliber of cyberattack, subverting enterprise identity and trust by weaponizing Microsoft OAuth applications to bypass even the most robust multi-factor authentication (MFA) defenses. This emerging campaign, tracked by Proofpoint and other leading...

Phishing campaigns have always shaped themselves around the contours of new technology, but the latest surge targeting Microsoft OAuth applications marks a seismic shift in both attacker strategy and the effectiveness of their exploits. In 2025, security researchers uncovered a wave of hybrid...

Phishing campaigns have always evolved in tandem with advances in enterprise security, but the latest wave targeting Microsoft OAuth applications represents a stunning leap in both sophistication and effectiveness. This ongoing campaign, first identified in early 2025, exemplifies a new breed of...

Sophisticated cyber adversaries have shifted tactics in recent months, exploiting fake Microsoft OAuth applications in tandem with advanced phishing toolkits such as Tycoon and ODx to compromise Microsoft 365 accounts worldwide. These attacks, tracked by researchers and security vendors...

Foreign embassies in Moscow are facing an unprecedented onslaught of cyber espionage, orchestrated by Russian state-backed hackers leveraging an array of advanced techniques to compromise their digital security. According to recent disclosures from Microsoft Threat Intelligence, these actors...