Threat actors could exploit a vulnerability to spoof Microsoft corporate email accounts in phishing attacks against Outlook accounts, which are used by 400 million users around the world, TechCrunch reports.
The flaw was publicized by security researcher Vsevolod Kokorin, also known as Slonser, in a post on X, formerly Twitter, after Microsoft dismissed his disclosure even though he had sent a video along with the proof-of-concept exploit for the security issue. "Microsoft just said they couldn't reproduce it without providing any details. Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago," said Kokorin. The development comes after Microsoft President Brad Smith emphasized the company's commitment to prioritizing cybersecurity following the compromise of federal government emails and corporate email accounts by Chinese and Russian state-sponsored threat actors, respectively, due to security failings.