Ghost-Sender: Why DMARC Cannot Stop Spoofing When Exchange Online Is Misconfigured
In early June 2026, Swiss cybersecurity firm InfoGuard Labs disclosed a vulnerability they named Ghost-Sender: a misconfiguration in Microsoft Exchange Online that allows an attacker to deliver email impersonating any …