Threat actors engaging in phishing attacks are exploiting
routing scenarios and misconfigured spoof protections to
impersonate organizations' domains and distribute emails that
appear as if they have been sent internally. "Threat actors have
leveraged this vector to deliver a wide variety of phishing
messages related to various phishing-as-a-service (PhaaS) platforms
such as Tycoon 2FA," the
Read more https://thehackernews.com/2026/01/microsoft-warns-misconfigured-email.html
