Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025

Trend
First reported
Last updated
Happening score
H score 6
1 unique sources, 1 articles

Summary

Hide ▲

In Q4 2025, about 10% of breached Microsoft 365 accounts had malicious mailbox rules created within seconds of compromise, increasing persistence, data theft, and email manipulation risk across breached accounts.

Related Happenings

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
H score37 First: 15.05.2026 09:19 Last: 15.05.2026 09:19 Sources 1

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing** vulnerability in **on-premises Microsoft Exchange Server** that can lead to **arbitrary JavaScript execution** in a br...

Latest development: 09.06.2026 20:57

Microsoft identifies CVE-2026-42897 in Microsoft Exchange Server as an actively exploited spoofing vulnerability that can lead to JavaScript execution in a target’s browser when a specially crafted email is opened in Outlook Web Access under certain interaction conditions. Microsoft says mitigations are being pushed through the Exchange Emergency Mitigation Service while it continues work on the full update.

KongTuke Microsoft Teams initial access campaign

Campaign
H score42 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

Microsoft Windows 365 Office installation disruption

Service Disruption
H score0 First: 13.05.2026 14:53 Last: 13.05.2026 14:53 Sources 1

About this happening: The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....

Code of conduct-themed Microsoft AiTM phishing campaign

Campaign
H score53 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...

QR code phishing surged across email threats in Q1 2026

Trend
H score73 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Timeline

  1. 13.04.2026 18:00 2 articles · 2mo ago

    Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025

    Initial Disclosure

    After account compromise in **Q4 2025**, attackers quickly created mailbox rules to hide replies, reroute messages, and preserve access. The early phase was defined by immediate inbox manipulation before the victim could notice unusual mail flow.

    Show sources