InfoSecBulletin Cybersecurity for mankind
ZeroFont Phishing is a new yet old technique for sending Phishing emails. It allows threat actors to bypass security mechanisms and successfully send phishing emails. Using this technique, attackers were able to evade Microsoft’s Natural Language Processing, which was serving as portion against phishing emails for Office users.
Office 365 – Natural Language Processing
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
Microsoft is focused on securing its customers in all areas, especially phishing attacks. Phishing attacks, also known as Business Email Compromise, are commonly used by threat actors to infiltrate organizations.
Microsoft prevents phishing emails by using Natural Language Processing. This technology scans the contents of an email to detect signs of impersonation or fraud. If an email contains text such as “© 2018 Microsoft Corporation. All rights reserved” and is not from Microsoft.com, Microsoft flags it as fraudulent.
Threat actors used the ZeroFont Phishing attack to bypass email content authentication. The technique was used to understand different types of information, like banking details, user accounts, password resets, and financial requests.
ZeroFont Phishing
The attacker sends a fake email pretending to be from Office 365, warning the victim about a quota limit. The email looks like it’s from an administrative service. The phishing email uses the ZeroFont attack to bypass security measures.
Threat actors inserted random text inside the email, which had <span style=”FONT-SIZE: 0px”> for a zero font size, and broke up the text strings to bypass Microsoft’s natural language processing.
To read the full report published by Avana click here.
Also read:
An attack every 39 seconds, approximately 2,200 attacks per day: Cyber awareness month starts
