A significant architectural blind spot in the Microsoft 365 ecosystem that allows threat actors to exfiltrate sensitive email data without leaving forensic traces. Dubbed “Exfil Out&Look,” this attack technique leverages the Outlook add-in framework to intercept outgoing communications stealthily. Unlike traditional exploitation methods that rely on software vulnerabilities, this technique abuses legitimate features within Outlook […]
The post Microsoft 365 Outlook Add-ins Weaponized to Exfiltrate Sensitive Email Data Without Leaving Traces appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: