An ongoing phishing campaign abuses a little”‘known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials.
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/
