
Redazione RHC : 5 November 2025 07:28
Cybersecurity experts have disclosed four vulnerabilities in Microsoft Teams that could have allowed attackers to conduct dangerous social engineering and impersonation attacks against users.
Simply put, these flaws allow an attacker to alter the content of a message without the 'Modified' label being shown, to alter the sender's visible identity, and to modify incoming notifications so as to change the apparent sender of the message.
This allows an attacker to trick victims into opening malicious messages by making them appear to come from a trusted source, such as high-level executives.
Microsoft, in a warning published last month, said that “Microsoft Teams’ broad collaboration capabilities and global adoption make it a high-value target for both cybercriminals and state-sponsored actors” and that its messaging (chat), calling, and meeting capabilities, as well as video-based screen sharing, are being weaponized at several stages of the attack chain.
Following the responsible disclosure in March 2024, some issues were addressed by Microsoft in August 2024 under the CVE identifier CVE-2024-38197, with subsequent patches distributed in September 2024 and October 2025.
Exploitation, whether by unauthorized external users or by malicious individuals inside the organization, poses a serious threat: it undermines the platform's trust boundaries and can lead potential targets to perform unwanted actions, such as clicking malicious links received via messages or disclosing sensitive information.
The vulnerabilities found also allowed attackers to alter the names displayed in private chat discussions simply by changing the topic of the conversation, and to freely change the names displayed in call notifications and during calls, letting an attacker disguise their identity for the duration of a call.
The findings come as threat actors are abusing Microsoft's enterprise communications platform in a variety of ways, including approaching targets and convincing them to grant remote access or run a malicious payload while posing as support staff.