CYBERSECURITY researchers have uncovered vulnerabilities in Microsoft Teams that allowed hackers to impersonate executives, rewrite chat histories, and forge caller IDs — exposing one of the world’s most trusted collaboration tools to manipulation from within.
The flaws, discovered by Check Point Research and disclosed to Microsoft earlier this year, affected more than 320 million users globally before being patched in October. According to researchers, attackers could exploit these weaknesses to edit or delete messages invisibly, spoof notifications to appear from CEOs or finance officers, and initiate fake audio or video calls under any identity.
“These vulnerabilities hit at the heart of digital trust,” said Oded Vanunu, chief technologist at Check Point Software Technologies. “Threat actors don’t need to hack into systems anymore — they just need to bend what people see. In a world built on collaboration, attackers are now targeting trust itself.”
The revelations point to a new kind of threat: not just breaking into systems, but breaching conversations. Collaboration platforms such as Microsoft Teams, Slack, and Zoom have become vital to modern organizations, carrying everything from internal strategy discussions to financial approvals. The same trust that makes them indispensable has turned into a new attack surface.
Check Point’s report, titled “Trust Exploited,” details how an attacker could manipulate Teams’ message-rendering functions to alter conversations without showing the usual “Edited” label. They could also spoof push notifications to mimic executive alerts or forge caller IDs to make fraudulent calls appear legitimate.
Get the latest news
delivered to your inbox
Sign up for The Manila Times newsletters
By signing up with an email address, I acknowledge that I have read and agree to the Terms of Service and Privacy Policy.
Microsoft acknowledged the findings, issuing fixes for four reported flaws, including one tracked as CVE-2024-38197. The company said the vulnerabilities were responsibly disclosed and resolved, but industry experts note that the broader risk to digital collaboration remains.
“Collaboration tools have become the next cybersecurity frontline,” Vanunu said. “These attacks blur the line between technology and psychology — targeting how people communicate, make decisions, and trust one another.”
Analysts warn that this new wave of exploitation could fuel the next generation of social engineering and business email compromise schemes — except inside chat interfaces, where employees may be less suspicious. A single impersonated message could trigger false approvals or financial transfers, while forged calls might deceive staff into sharing sensitive information in real time.
Beyond financial risk, the reputational damage could be immense if internal chats or meeting invites were manipulated to spread misinformation or discredit executives. “Seeing isn’t believing anymore — verification is,” Vanunu said.
Cybersecurity experts urge companies to treat collaboration tools as critical infrastructure. They recommend enabling multifactor authentication, restricting guest access, and using AI-driven monitoring systems to detect message tampering or identity spoofing. Most importantly, employees should be trained to verify unusual requests — even if they appear to come from trusted leaders.
Check Point said its findings were part of a growing pattern: attackers are shifting from breaching code to exploiting context. In this environment, trust itself has become the most valuable — and vulnerable — commodity in cyberspace.