Risky Bulletin Risky Bulletin: Phishers abuse forgotten Direct Send feature
7 snips
Jun 26, 2025 A sophisticated phishing group exploits a forgotten feature in Microsoft Exchange Online, posing dire security risks. A ransomware attack tragically links to a patient's death, highlighting the severe impacts of cybercrime. France takes decisive action by arresting BreachForums leadership amid a surge in cyber incidents, including major breaches in universities and municipalities. Meanwhile, cities like Lyon shift to open-source solutions, seeking greater digital independence from Microsoft.
AI Snips
Chapters
Transcript
Episode notes
Direct Send Feature Abused
- Microsoft Exchange Online's little-known direct send feature is being abused by phishing groups.
- This feature allows sending internal emails from non-human accounts without sender authentication.
Ransomware Attack Causes Patient Death
- One patient died due to delays caused by the Synovus ransomware attack on UK blood lab.
- Others suffered long-term or minor harm from attack-related service disruptions.
Breach Forums Leadership Arrested
- French police arrested Breach Forums leadership including the UK administrator Kai West.
- The underground site was hacked by rivals and has been offline since April.