A new report from the Acronis Threat Research Unit has uncovered a vulnerability in Microsoft Exchange Online settings that could enable email spoofing attacks.
This issue primarily affects users with a hybrid configuration of on-premises Exchange and Exchange Online, and those utilizing third-party email security solutions. In July 2023, Microsoft introduced a major change in how it handles DMARC (Domain-based Message Authentication, Reporting, and Conformance) within Microsoft Exchange. This update was intended to bolster security by enhancing how email servers verify incoming emails’ legitimacy. Unfortunately, despite clear guidance from Microsoft, a considerable number of users have yet to implement these security measures.
Read more…
Source: TechRadar News
Related:
- Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products
November 14, 2025
CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an unauthenticated ...
- CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities
November 12, 2025
CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target ...
- Patch Tuesday – November 2025
November 11, 2025
Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely ...
- LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
November 7, 2025
Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple ...
- Cisco Releases Security Updates for Unified CCX
November 6, 2025
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...
- Washington Post says it is among victims of cyber breach tied to Oracle software
November 6, 2025
The Washington Post said it is among victims of a sweeping cyber breach tied to Oracle software. In a statement released on Thursday, the newspaper said it was one of those impacted “by the breach of the Oracle E-Business Suite platform.” The paper did not provide further detail, but its statement comes after CL0P, the notorious ...