Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft Teams spoofing flaws information disclosure flaw (CVE-2024-38197)

Vulnerability
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft Teams flaws disclosed in November 2025 enabled impersonation, message tampering, and spoofed notifications, creating social engineering risk for chat, call, and notification flows. Microsoft tied part of the issue set to CVE-2024-38197 in Teams for iOS, with fixes beginning in August 2024 and additional patches following in September 2024 and October 2025. The weaknesses could let attackers make malicious messages look like they came from trusted colleagues, increasing the chance of sensitive information disclosure.

Related Happenings

Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office

Target Trend
First: 19.05.2026 17:00 Last: 19.05.2026 17:00 Sources 1

About this happening: Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...

Open Happening

Microsoft Edge regression disrupts Teams meeting joins

Service Disruption
First: 23.04.2026 16:18 Last: 23.04.2026 16:18 Sources 1

About this happening: A **Microsoft Edge** regression is preventing some **Windows** users from joining **Microsoft Teams** meetings, causing a limited-scope access disruption for scheduled and link-ba...

Open Happening

Microsoft Teams rolls out Brand Impersonation Protection for external call warnings

Security Tool/Service
First: 22.01.2026 18:28 Last: 22.01.2026 18:28 Sources 1

About this happening: **Microsoft Teams** is adding **Brand Impersonation Protection** to warn users about suspicious **first-time external callers**, reducing social-engineering risk in call flows. Th...

Open Happening

Microsoft Teams desktop client rolls out separate calling process and new security controls

Security Tool/Service
First: 25.11.2025 16:24 Last: 25.11.2025 16:24 Sources 1

About this happening: **Microsoft Teams Desktop Client for Windows** is rolling out **ms-teams_modulehost.exe** in **January 2026**, splitting calling features into a separate process and changing how...

Open Happening

Microsoft Teams adds user reporting for false-positive threat detections

Security Tool/Service
First: 18.11.2025 19:14 Last: 18.11.2025 19:14 Sources 1

About this happening: **Microsoft Teams** is adding user reporting for messages wrongly flagged as malicious, giving organizations a way to surface **false positives** and improve detection accuracy. T...

Open Happening

Timeline

  1. 04.11.2025 16:00 2 articles · 6mo ago

    Check Point details Microsoft Teams spoofing flaws

    Technical Analysis Update

    Check Point disclosed four Microsoft Teams flaws that could let attackers manipulate conversations, impersonate colleagues, spoof notifications, alter private chat display names, and forge caller identities, creating social engineering risk for guest and internal users. Microsoft said CVE-2024-38197 is a medium-severity spoofing issue in Teams for iOS, and fixes began in August 2024 with later patches in September 2024 and October 2025.

    Show sources
    Open in new tab