Check Point Research identified critical vulnerabilities in Microsoft Teams that allow attackers to manipulate messages, spoof notifications, and impersonate users. Four specific types of attacks were detailed, highlighting the potential for business email compromise and identity fraud. Microsoft has issued fixes for these issues, but concerns remain about security.

Recent attacks linked to Chinese hacking groups have exploited a zero-day vulnerability in Microsoft SharePoint, breaching numerous organizations globally. The vulnerabilities, identified as CVE-2025-49706 and CVE-2025-49704, were actively targeted by multiple threat actors, prompting Microsoft and CISA to release emergency patches and recommend immediate action for affected entities.

Russian hackers have been exploiting vulnerabilities in Microsoft's OAuth 2.0 authentication framework, allowing them to access sensitive information from targeted accounts. This ongoing attack poses significant security risks for organizations using Microsoft services, emphasizing the need for enhanced security measures and awareness.