Cybersecurity researchers have disclosed details of four security flaws in Microsoft Teams that could have exposed users to serious impersonation and social engineering attacks.

The vulnerabilities "allowed attackers to manipulate conversations, impersonate colleagues, and exploit notifications," Check Point said in a report shared with The Hacker News.

Following responsible disclosure in March 2024, some of the issues were addressed by Microsoft in August 2024 under the CVE CVE-2024-38197, with subsequent patches rolled out in September 2024 and October 2025.

In a nutshell, these shortcomings make it possible to alter message content without leaving the "Edited" label and sender identity and modify incoming notifications to change the apparent sender of the message, thereby allowing

See Full Page