Bleeping Computer

Microsoft 365 'Direct Send' abused to send phishing as internal users

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials. Direct Send is a Microsoft 365 feature that ...
CSOonline

Don’t trust that email: It could be from a hacker using your printer to scam you

New research reveals a simple way threat actors are using Microsoft 365 Direct Send to phish employees, without even having to steal credentials. Printers and scanners are increasingly becoming ways ...