Office 365 had a vulnerability that made it identify a spam email as legitimate. Turkish security researcher Utku Sen identified the issue earlier this month and Microsoft has since fixed
the issue. The vulnerability took advantage of a flaw in Microsoft’s DKIM (DomainKeys Identified Mail) validator used in Outlook 365. By taking advantage of this vulnerability, hackers
could use email forwarding tools in Outlook 365 to validate phishing emails that spoofed the Microsoft.com domain. Read the whole story at Threat Post »