Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft 365 MX spoofing mitigation guidance

Advisory/Mitigation
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft issued mitigation guidance for Microsoft 365 tenants exposed to MX spoofing, because misconfigured mail routing can make phishing emails look internal and raise account compromise risk. The company told organizations to point MX records directly to Office 365, apply strict DMARC, and verify any third-party services tied to MX routing. Microsoft also recommended phishing-resistant MFA for privileged roles in Microsoft Entra ID. The guidance applies to tenants with custom routing not pointed to Office 365 and is meant to reduce credential theft, BEC, and fraud.

Related Happenings

O-UNC-066 / Pink Microsoft Entra passkey vishing campaign

Campaign
H score37 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

About this happening: The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...

Microsoft My Sign-Ins MFA outage

Service Disruption
H score25 First: 01.06.2026 14:40 Last: 01.06.2026 14:40 Sources 1

About this happening: **Microsoft** is dealing with an **ongoing outage** that is blocking some users from setting up **multi-factor authentication (MFA)** and accessing **My Sign-Ins**. Affected users...

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
H score37 First: 15.05.2026 09:19 Last: 15.05.2026 09:19 Sources 1

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing** vulnerability in **on-premises Microsoft Exchange Server** that can lead to **arbitrary JavaScript execution** in a br...

Latest development: 09.06.2026 20:57

Microsoft identifies CVE-2026-42897 in Microsoft Exchange Server as an actively exploited spoofing vulnerability that can lead to JavaScript execution in a target’s browser when a specially crafted email is opened in Outlook Web Access under certain interaction conditions. Microsoft says mitigations are being pushed through the Exchange Emergency Mitigation Service while it continues work on the full update.

Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026

Security Tool/Service
H score11 First: 28.04.2026 16:18 Last: 28.04.2026 16:18 Sources 1

About this happening: **Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...

Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025

Trend
H score6 First: 13.04.2026 18:00 Last: 13.04.2026 18:00 Sources 1

About this happening: In **Q4 2025**, about **10%** of breached **Microsoft 365** accounts had malicious mailbox rules created within seconds of compromise, increasing **persistence**, **data theft**,...

Timeline

  1. 08.01.2026 16:01 2 articles · 6mo ago

    Microsoft issues MX spoofing mitigation guidance for Microsoft 365 tenants

    Mitigation Patch Update

    Microsoft advised Microsoft 365 tenants with custom email routing to point MX records directly to Office 365, apply strict DMARC, verify any third-party services linked to MX, and enforce phishing-resistant MFA for privileged roles in Microsoft Entra ID to reduce internal-looking phishing and account compromise risk.

    Show sources