THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesJun 9, 2026

Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address

Microsoft Exchange flaw allows attackers to spoof any email address using 'Ghost-Sender'.

Read at source

Summary

A new technique dubbed 'Ghost-Sender' exploits a vulnerability in Microsoft Exchange, enabling attackers to spoof any email address. This spoofing can be achieved when Exchange Online or on-premises Exchange is used in hybrid mode with a third-party mail server or spam filter.

Entities

Exchange (product)Exchange Online (product)Microsoft (vendor)