Exchange Online Exploit: Hybrid-to-Cloud Privilege Escalation Risk (CVE-2025-53786)

A critical Exchange Online exploit (tracked as CVE-2025-53786) lets an attacker who already has access to an on-premises Exchange server escalate privileges into Microsoft 365, potentially compromising mailboxes, service principals, and cloud identities. The flaw enables stealthy lateral movement from hybrid infrastructure into Exchange Online and, where operators have not followed vendor guidance, may leave little trace in the cloud audit logs defenders would normally rely on. Organizations running hybrid Exchange should treat this as urgent: apply Microsoft's security updates and mitigations, rotate any exposed credentials, restrict administrative access to on-premises Exchange, and monitor for unusual authentication and mailbox activity. Rapid patching, credential hygiene, and focused monitoring reduce the risk of full tenant compromise.

Microsoft 365 Direct Send vulnerability

Microsoft 365’s Direct Send Feature Under Attack: How Cybercriminals Are Bypassing Email Security

The article exposes a significant vulnerability in Microsoft 365's Direct Send feature, explaining how it allows cybercriminals to bypass email security controls by impersonating internal users. This phishing campaign leverages the feature's lack of sender authentication, enabling attackers to send malicious emails that appear to originate from within an organization without compromising any accounts. The article details the technical aspects of the exploit, including the PowerShell commands involved and specific indicators of compromise. Finally, it outlines critical mitigation strategies for organizations, emphasizing enhanced monitoring and advanced email security solutions to combat this difficult-to-detect threat.