Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Microsoft 365 'Direct Send' abused to send phishing as internal users
Threat Intel & Info Sharing
June 26, 2025
bleepingcomputer
A phishing campaign is actively exploiting Microsoft 365's "Direct Send" feature to send spoofed internal emails and steal user credentials. Direct Send, which allows unauthenticated email sending via a tenant's smart host, is a known security risk.
Read More
Microsoft 365
Direct Send
Publisher
Previous
US, France crack down on BreachForums with arrests, Int ...
Incident Response, Learnings
Next
Critical Open VSX Registry Flaw Exposes Millions of Dev ...
Malware and Vulnerabilities