A vulnerability in Microsoft Bookings allowed attackers to manipulate meeting details via HTML injection due to inadequate input validation. Exploited mainly through the “Reschedule” functionality, this flaw enabled phishing attacks and email manipulation, affecting organizations using Microsoft 365. Microsoft remedied the issue by February 2025, though some parameters remained vulnerable. Strong input validation is recommended.
Threat Actors Attacking Job Seekers With Three New Unique Adversaries
A surge in sophisticated recruitment scams targets job seekers, exploiting economic vulnerabilities. Cybercriminals use social engineering to blend legitimate practices with fraud, resulting in over
