10 Jul, 2026

Microsoft 365 ‘Direct Send’ abused to send phishing as internal users

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials. Direct Send is a Microsoft 365 feature that allows on‑premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It’s […]

6 mins read

Microsoft fixes Outlook bug causing crashes when opening emails

Microsoft has fixed a known issue that will cause the classic Outlook email client to crash when opening emails or starting a new message. The bug impacts users across all Microsoft 365 Office channels who updated Outlook for Microsoft 365 earlier this month. “When you open or start a new email, classic Outlook crashes. This […]

2 mins read

Trezor’s support platform abused in crypto theft phishing attacks

Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform. The company’s support site allows anyone to open a ticket using any email address and subject line. The system then replies automatically, sending a case number and using the submitted ticket title as […]

2 mins read

Hacker steals 1 million Cock.li user records in webmail data breach

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. The incident exposed all users who had logged in to the mail service since 2016, estimated at 1,023,800 people, along with contact entries for an additional […]

3 mins read

Washington Post’s email system hacked, journalists’ accounts compromised

Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. The incident was discovered on Thursday evening and the publication started an investigation. On Sunday, June 15, an internal memo was sent to employees, informing them of a “possible targeted unauthorized intrusion into their […]

1 min read

Microsoft shares temp fix for Outlook crashes when opening emails

Microsoft has shared a workaround for a known issue that causes the classic Outlook email client to crash when opening or starting a new message. These problems affect users in the Monthly Enterprise Channel who updated Outlook for Microsoft 365 earlier this month, starting with Version 2504 (Build 18730.20122). “When you open or start a […]

2 mins read

Government webmail hacked via XSS bugs in global spy campaign

Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. ESET researchers who uncovered the operation attribute it with medium confidence to the Russian state-sponsored hackers APT28 (aka “Fancy Bear” or “Sednit”). The campaign started in 2023 and continued with the adoption of new exploits […]

3 mins read

Microsoft fixes Exchange Online bug flagging Gmail emails as spam

​Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. Tracked as EX1064599 in the Microsoft 365 admin center, the issue started impacting users on April 25 at 09:24 UTC, automatically moving emails erroneously tagged as malicious to the junk folder. “We’ve identified that our […]

2 mins read

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contact targets through WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that […]

4 mins read

Microsoft fixes machine learning bug flagging Adobe emails as spam

Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. As the company revealed in an advisory on the Microsoft 365 admin center tagged as EX1061430, users had issues accessing alerts for Adobe URLs starting April 22 at 09:24 UTC while […]

3 mins read