Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft Teams desktop client rolls out separate calling process and new security controls

Security Tool/Service
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft Teams Desktop Client for Windows is rolling out ms-teams_modulehost.exe in January 2026, splitting calling features into a separate process and changing how the app is handled by endpoint security tools. The update is meant to improve call startup and meeting performance while reducing false-positive detections. Teams is also expanding protections against malicious URLs, malicious file types, and screen-capture attempts in meetings and chats.

Related Happenings

Microsoft Teams admin policy adds approval-based control for third-party bots

Security Tool/Service
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...

Microsoft Teams third-party bot approval controls for meeting social-engineering risk

Defensive Guidance
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: **Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...

Microsoft Teams on macOS repeated location-prompt service disruption

Service Disruption
H score0 First: 19.05.2026 19:10 Last: 19.05.2026 19:10 Sources 1

About this happening: Microsoft confirmed a **Microsoft Teams on macOS** service disruption that causes **non-dismissible location prompts** for some users, interrupting normal app use for those who en...

KongTuke Microsoft Teams initial access campaign

Campaign
H score42 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy

Campaign
H score37 First: 06.05.2026 16:02 Last: 06.05.2026 16:02 Sources 1

About this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...

Timeline

  1. 25.11.2025 16:24 2 articles · 7mo ago

    Microsoft Teams desktop client rolls out separate calling process and new security controls

    Initial Disclosure

    Beginning in **early January 2026**, Teams will separate calling functions into a new **ms-teams_modulehost.exe** process. The rollout also broadens chat and meeting protections against **malicious links**, **file types**, and **screen capture**.

    Show sources