Email Security
The latest Email Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-55243: OfficePlus Spoofing Flaw Exposes Data, Bypasses Scanners
Microsoft has published a security advisory for CVE-2025-55243, a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable attackers to...
Microsoft to Slash onmicrosoft.com Outbound Email to 100 External Recipients per Day — Staged Rollout Begins October 2025
Microsoft will soon enforce a hard limit on external email sent from the shared onmicrosoft.com namespace, capping it at just 100 external recipients per tenant per day. The policy, dubbed MOERA...
Microsoft Slashes onmicrosoft.com Outbound Email to 100 Recipients Daily to Fight Spam
Starting October 15, 2025, Microsoft will begin enforcing a hard cap of 100 external email recipients per 24 hours for all tenants sending from the default onmicrosoft.com domain. The move, announced...
Windows Live Mail Spam Setup Guide: Maximize Filters Before You Migrate to New Outlook
Microsoft officially sunset support for Windows Mail, Calendar, and People on December 31, 2024, rendering these once-essential apps unable to send or receive messages. Meanwhile, Windows Live...
CVE-2025-25007: Critical Exchange Server Spoofing Vulnerability Demands Immediate Action Despite Scant Details
A newly disclosed spoofing vulnerability in Microsoft Exchange Server is ratcheting up urgency for enterprise security teams, even as technical specifics remain locked behind Microsoft’s...
CISA Sets August 11 Deadline for Critical Exchange Hybrid Patch as Exploits Emerge
The U.S. Cybersecurity and Infrastructure Security Agency issued Emergency Directive 25-02 on August 7, 2025, giving federal agencies fewer than four days to remediate a high-severity vulnerability...
Sophisticated Microsoft 365 Phishing Attacks Exploit SVG Images and Trusted Tools to Steal Credentials
A new wave of phishing attacks targeting Microsoft 365 users is bypassing conventional email filters by weaponizing SVG image files and repurposing legitimate security tools as cloaking devices. The...
Critical Exchange Hybrid Flaw CVE-2025-53786 Allows Undetectable Privilege Escalation—Patch Now
A dangerous authentication bypass has surfaced in Microsoft Exchange hybrid deployments, prompting coordinated alerts from both Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency...
The Phishing Pipeline: How Attackers Weaponize Microsoft 365 Direct Send to Evade Every Defense
Microsoft 365’s Direct Send feature has become a double-edged sword. Designed to let printers, scanners, and applications relay mail without a dedicated mailbox, it now enables attackers to slip...
Microsoft Defender's New AI Agent Cuts Phishing Noise by 90%, Now in Public Preview
Microsoft has launched an AI-powered Phishing Triage Agent in public preview, embedding it directly into Microsoft Defender to automate the triage of user-reported phishing emails and slash...
CVE-2025-53786: The Silent Hybrid Exchange Exploit That Bypasses All Cloud Defenses
Microsoft has issued an urgent warning about a high-severity vulnerability in hybrid Exchange deployments that could let attackers who breach an on-premises server silently escalate their privileges...
The 2025 Email Security Shift: Why Proofpoint, Mimecast, and Others Are Replacing Microsoft EOP
Microsoft Exchange Online Protection (EOP) has been the default email security gatekeeper for millions of businesses, but in 2025, a growing number of organizations are finding its basic defenses...