Tech giant Microsoft has fixed vulnerabilities discovered by Check Point Research in its Teams platform, which is used by 320m people monthly.
Check Point Research identified several flaws in Teams that could allow attackers to edit sent messages without showing the “edited” label, spoof notifications so alerts appear to come from a trusted colleague or executive, alter chat titles or display names to mislead employees about who they are communicating with, and even forge caller identities in audio or video calls, making malicious calls appear to come from trusted contacts.
Microsoft was informed of the issues, which it addressed at the end of October 2025. However, Check Point Research noted that “even though Microsoft patched the vulnerabilities after Check Point Research’s responsible disclosure, the findings expose a larger systemic risk: collaboration platforms are now a prime target for social-engineering-driven cyberattacks.”
“These flaws show that collaboration platforms have become the new cyber security frontline, where trust itself is now being exploited as an attack vector, with attackers exploiting this trust rather than pure technology flaws,” the group added.
Check Point Software chief technologist and head of product vulnerability Oded Vanunu said, “Our research shows that threat actors don’t need to break in anymore, they just need to bend trust. Organisations must now secure what people believe, not just what systems process. As AI accelerates both collaboration and cybercrime, prevention-first security will determine which organisations stay resilient. Seeing isn’t believing anymore — verification is.”