This phishing campaign spoofs internal messages - here's what we know

Crooks are abusing misconfigurations to trick victims into thinking they received an email from their bosses and HRs.
Cybernews

Pharma corporation leaks 8M+ messages, employee records

South Korean pharma giant Boryung Corporation leaked 8 million internal messages and employee records via an exposed MongoDB ...
Dark Reading

Phishers Abuse Microsoft 365 to Spoof Internal Users

Cybercriminals appear to have found a troubling new way to bypass Microsoft 365's email security defenses and deliver convincing phishing emails to targeted users. The tactic exploits a legitimate ...
Forbes

Reputational Risk Is Now Internal—Because Employees Already Know The Story

Employees now learn the truth faster than internal messages travel. When external visibility outruns communication, an EVP holds only if it matches lived culture. By 2025, pressure on organizational ...
Bleeping Computer

Microsoft 365 'Direct Send' abused to send phishing as internal users

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials. Direct Send is a Microsoft 365 feature that ...