The gist: An Exchange security vulnerability enables attackers to send emails from arbitrary sender addresses when hybrid configurations with third-party mail servers are used.
A security flaw in Microsoft Exchange allows attackers to send emails from arbitrary sender addresses. The vulnerability affects Exchange Online and on-premises installations operating in hybrid mode with external mail servers or spam filters.
The flaw, referred to as “Ghost-Sender,” exploits a configuration in which Exchange Online or on-premises Exchange operates in hybrid mode with a third-party mail server or spam filter. This allows attackers to bypass authentication mechanisms and send emails with spoofed sender addresses.
For CISOs, this represents a significant threat, as such spoofed emails can be abused for phishing campaigns, spear-phishing against senior staff, or social engineering attacks. The forged senders trigger no security warnings and appear in mailboxes as legitimate.
Affected organizations should check whether their Exchange Online tenant is operated in a hybrid configuration or behind third-party filters, and should review and strengthen the relevant security measures, such as the email authentication protocols SPF, DKIM and DMARC.
Source: www.darkreading.com · Published June 9, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.