Breaking 17:33 Netflix expands beyond streaming as investors react to slower revenue growth 16:16 SpaceX aborts Starship launch seconds before liftoff after engine issue 15:47 OpenAI unveils its first smart hardware device for AI-powered coding 15:33 U.S. authorities seize more than 700 drones during the 2026 FIFA World Cup 15:15 Ford recalls more than 288,000 vehicles in the United States over roof rail trim issue 14:37 US strikes in Iran leave 38 dead and more than 400 injured, health ministry says 13:00 FIFA confirms 11-minute halftime show for 2026 World Cup final 12:30 Netflix shares fall 9% as weak forecast raises fresh concerns over future growth 12:00 Renewed US strikes deepen anxiety in Iran as citizens face economic and political uncertainty 11:57 United States to introduce fixed stay limits for foreign students and journalists 11:54 Intuitive Surgical shares slide as insurance policy concerns weigh on growth outlook 11:35 Fifth Third profit rises as higher interest income and fee growth strengthen quarterly results 11:32 Travelers profit surges as lower catastrophe losses and investment gains boost second-quarter results 11:11 Trump administration reinstates public charge rule for green card applicants 11:00 Global semiconductor stocks slide as AI investment concerns shake financial markets 10:45 Trump revives 2020 election fraud claims, renewing debate over election integrity 10:39 Apple shares reach record high as AI strategy boosts investor confidence 10:16 Coupang Data dispute puts new strain on US-South Korea economic relations 09:02 China condemns new U.S. visa restrictions and warns of reciprocal measures 09:02 U.S. housing market loses momentum as pending home sales decline in June 08:35 Reports raise possibility of delay to 2026 World Cup final over wildfire smoke 08:31 Seven U.S. aid workers quarantine in Kenya after new Ebola travel restrictions 08:30 Donald Trump to attend 2026 FIFA World Cup final between Spain and Argentina 08:15 Trump Accounts program aims to encourage long-term investing for American children 07:58 Iraqi armed group claims to offer reward over threats against Donald Trump 07:15 Trump makes election security a central issue ahead of U.S. midterm elections 20:00 OpenAI investigates reports of AI tool deleting user files without permission 19:15 OnePlus reportedly plans to scale back operations in the U.S. and Europe 18:34 U.S. ammunition stockpile recovery could take years, report says

Scammers send phishing emails from official Microsoft address

Friday 22 May 2026 - 08:31
By: Dakir Madiha
Scammers send phishing emails from official Microsoft address

Phishing operators have exploited a vulnerability in Microsoft’s email notification systems to send fraudulent messages from a legitimate internal address used for security alerts and authentication codes. The abuse involves the address msonlineservicesteam@microsoftonline.com, which normally delivers two-factor authentication codes and account notifications to hundreds of millions of users worldwide. The misuse gives attackers a powerful way to bypass user suspicion by appearing as trusted system communication.

The attack appears to rely on creating or compromising Microsoft accounts and leveraging them to trigger automated system emails that carry fraudulent content. In some cases, attackers replicate security alerts warning of unauthorized transactions. In others, messages direct users to external links embedded in the email body. Because the messages originate from a legitimate Microsoft-controlled infrastructure, they often pass basic authentication checks and appear authentic to recipients.

Security researchers have also documented related techniques involving Microsoft’s identity management system, where attackers manipulate tenant configuration fields to inject deceptive text into automated notifications. This method can alter subject lines and message content in system-generated emails, including fake purchase confirmations or cryptocurrency-related alerts. The result is a hybrid form of phishing where legitimate infrastructure is used to generate convincing fraudulent communications at scale.

A cybersecurity monitoring group has reported that the same Microsoft notification address has been abused for months to distribute spam and phishing messages. The group has flagged the issue to Microsoft and warned that such levels of customization in automated notification systems create structural risks for abuse. Microsoft has acknowledged inquiries but has not publicly detailed corrective measures. The incident reflects a broader trend in which attackers increasingly target trusted enterprise communication systems rather than relying on external spoofed domains. Users are advised to avoid clicking links in unexpected security emails and to verify account activity directly through official platforms.


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.