Microsoft 365 'Direct Send' Exploited for Internal Phishing Attacks

An article from BleepingComputer reports that the 'Direct Send' feature of Microsoft 365 is being exploited by malicious actors to send phishing emails that appear to come from internal users. This method allows attackers to bypass security filters and deceive recipients into believing that the emails are from trusted sources within their organization. The phishing emails use social engineering techniques to trick users into clicking on malicious links or providing sensitive information.