Cyber Web Spider Blog – News

Microsoft 365 Direct Send Weaponized to Bypass Email Security Defenses

Posted on August 7, 2025 By CWS

Cybersecurity researchers have uncovered a sophisticated spear phishing campaign that weaponizes Microsoft 365's Direct Send feature to bypass traditional email security defenses and conduct hyper-personalized credential theft attacks.

The campaign demonstrates an alarming evolution in attack sophistication, combining technical exploitation of legitimate Microsoft services with advanced social engineering techniques designed to disarm even experienced security professionals.

The attack leverages Microsoft 365's Direct Send functionality to circumvent standard email authentication mechanisms, including SPF, DKIM, and DMARC checks.

By routing malicious emails through victims' own smart host infrastructure, attackers successfully masquerade their communications as trusted internal traffic while failing basic authentication protocols.

This exploitation allows threat actors to deliver malicious payloads that would typically be blocked by conventional email security solutions.
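One way to hunt for the pattern described above (a message that claims an internal sender yet fails SPF, DKIM and DMARC), shown as an added example that is not code from the article or from StrongestLayer. The sample message, the `example.com` domain and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every header value is invented for illustration.
SAMPLE = """\
Authentication-Results: spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=example.com;
 dkim=none (message not signed) header.d=none;
 dmarc=fail action=none header.from=example.com;compauth=fail reason=000
From: "Voicemail" <alice@example.com>
To: alice@example.com
Subject: New voice message

body
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from the Authentication-Results headers.
    Only headers stamped by your own mail boundary should be trusted."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, result in AUTH_RE.findall(value):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts

def domain_of(header_value):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def looks_like_spoofed_internal(raw, accepted_domains):
    """Flag mail that claims an internal sender and recipient while no
    authentication mechanism passes. Returns (flag, failed_mechanisms)."""
    msg = message_from_string(raw)
    sender, rcpt = domain_of(msg["From"]), domain_of(msg["To"])
    verdicts = auth_results(msg)
    failed = [m for m in ("spf", "dkim", "dmarc") if verdicts.get(m, "none") != "pass"]
    internal_claim = sender in accepted_domains and rcpt in accepted_domains
    return internal_claim and len(failed) == 3, failed
```
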

What makes this campaign particularly dangerous is its dual-vector approach and extreme personalization capabilities.

StrongestLayer analysts identified the attack after their TRACE AI system detected suspicious authentication anomalies and behavioral patterns inconsistent with legitimate communications.

The researchers discovered that attackers were using image-based lures to evade text-based security filters, while simultaneously deploying two distinct payload types designed for maximum impact and stealth.

The campaign employs a sophisticated multi-stage infection mechanism that begins with seemingly innocuous voicemail notifications from trusted services like RingCentral.

These emails contain no analyzable text for traditional scanners, instead using high-fidelity inline images that perfectly mimic legitimate service notifications.

Malicious message (Source – StrongestLayer)

The social engineering component creates urgency by prompting users to open attachments to hear supposedly important voice messages.

Technical Implementation and Payload Analysis

The attack's technical sophistication becomes apparent through its dual-payload delivery system. The primary vector uses malicious HTML files disguised as audio players, implementing a three-stage obfuscation technique.

Attack flow (Source – StrongestLayer)

The payload structure employs an invalid image tag that triggers an onerror event, which then Base64-decodes and executes hidden JavaScript.

The secondary vector employs malicious SVG files that exploit the fact that many security filters treat SVG files as safe images rather than potentially executable content.

These files contain embedded JavaScript with additional custom encoding layers designed to defeat automated analysis systems. The most concerning aspect of this campaign is its dynamic personalization capability.

The malicious JavaScript does not render generic login pages but instead dynamically fetches corporate logos and branding specific to each victim's organization, creating perfectly legitimate-looking credential harvesting pages that effectively disarm user suspicion through familiar visual elements.
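A static triage pass for the two attachment types described above, written as an added example (it is not code from the article or from StrongestLayer). It treats HTML and SVG attachments as active content and reports script elements, event handlers and Base64 literals inside handlers; the sample inputs are constructed, and all class and function names are assumptions.

```python
import base64
import re
from html.parser import HTMLParser

DECODERS = re.compile(r"\b(atob|eval|Function|unescape|fromCharCode)\b")
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")

def decode_literals(handler):
    """Decode Base64 string literals in a handler so an analyst can read them."""
    out = []
    for blob in B64_LITERAL.findall(handler):
        try:
            out.append(base64.b64decode(blob, validate=True).decode("utf-8", "replace"))
        except ValueError:  # not valid Base64 after all
            continue
    return " | ".join(out)

class ActiveContentScanner(HTMLParser):
    """Collects script-capable constructs from an HTML or SVG attachment."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script-element", tag, ""))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):  # onerror, onload, onclick, ...
                kind = "decoding-handler" if DECODERS.search(value) else "event-handler"
                self.findings.append((kind, f"{tag}@{name}", decode_literals(value)))
            elif name in ("href", "xlink:href") and value.strip().lower().startswith("javascript:"):
                self.findings.append(("javascript-uri", f"{tag}@{name}", ""))

def scan_attachment(text):
    """Return a list of (kind, location, decoded_text) findings."""
    scanner = ActiveContentScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

# Constructed samples; the encoded string is the harmless text console.log(1).
HTML_SAMPLE = '<html><body><img src="x" onerror="eval(atob(\'Y29uc29sZS5sb2coMSk=\'))"></body></html>'
SVG_SAMPLE = '<svg xmlns="http://www.w3.org/2000/svg"><script>/* code */</script><rect onload="init()"/></svg>'
CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
```

Any finding on an inbound image-type attachment is a reason to quarantine it for review; custom encoding layers beyond Base64, which the article mentions for the SVG payloads, are reported but not decoded here.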
