The Hacker News

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Attackers exploit misconfigured email routing and weak spoof protections to send internal-looking phishing emails for ...
Infosecurity Magazine

Phishing Attacks Exploit Misconfigured Email Routing Settings to Target Microsoft 365 Users

“Successful credential compromise through phishing attacks may lead to data theft or business email compromise (BEC) attacks ...
CSO Online

Microsoft warns of a surge in phishing attacks exploiting email routing gaps

Threat actors are abusing misconfigured MX records and weak DMARC/SPF policies to make phishing emails look internal, ...
Cybernews

Your domain, their bait: Microsoft warns businesses on internal email phishing loopholes

Microsoft has witnessed a surge in the use of this tactic since May 2025, as part of opportunistic campaigns targeting organizations across multiple industries and verticals.