A sophisticated phishing campaign affecting more than 70 organizations by exploiting Microsoft 365’s Direct Send feature. This novel attack method allows threat actors to spoof internal users and deliver phishing emails without ever needing to compromise an account, bypassing traditional email security controls that typically scrutinize external communications. The campaign, which began in May 2025
The post Microsoft 365’s Direct Send Exploited to Send Phishing Emails as Internal Users appeared first on Cyber Security News. Read More
Posted inNews