Inboxfuscation Tool Circumvents Microsoft Exchange Inbox Rules and Detection Controls
Advanced persistent threat actors increasingly target Microsoft Exchange inbox rules to maintain persistence and siphon sensitive data without raising alarms.
The newly released Inboxfuscation...
Critical “God Mode” Vulnerability Allows Unrestricted Access to Microsoft Cloud Tenants
A recent disclosure by security researcher Dirk-Jan Mollema has revealed CVE-2025-55241, a catastrophic flaw in Microsoft’s Actor token validation that allowed a single token,...
Microsoft OneDrive Auto-Sync Feature Exposes Enterprise Secrets in SharePoint Online
A critical security vulnerability in Microsoft's OneDrive auto-sync feature is silently exposing enterprise secrets at scale, according to new research from Entro Labs.
The...
300+ Websites Taken Down by Microsoft for Distributing RaccoonO365 Phishing Service
Microsoft's Digital Crimes Unit (DCU) has successfully disrupted RaccoonO365, a rapidly expanding cybercriminal operation that has emerged as the fastest-growing tool for stealing Microsoft 365...
VoidProxy PhaaS Emerges as Major Threat to Microsoft 365 and Google Accounts
A new phishing-as-a-service (PhaaS) platform uncovered by Okta Threat Intelligence, named VoidProxy, has emerged as a highly evasive threat targeting Microsoft 365, Google accounts, and...
