A sophisticated phishing campaign affecting more than 70 organizations by exploiting Microsoft 365’s Direct Send feature. This novel attack method allows threat actors to spoof internal users and deliver phishing emails without ever needing to compromise an account, bypassing traditional email security controls that typically scrutinize external communications. The campaign, which began in May 2025 […]
The post Microsoft 365’s Direct Send Exploited to Send Phishing Emails as Internal Users appeared first on Cyber Security News.
This article has been indexed from Cyber Security News