Microsoft Teams cross-tenant Defender blind spot security flaw

Vulnerability
H score 19 · 1 unique source, 1 article

Summary

Microsoft Teams has a cross-tenant Defender blind spot where guest invitations can move chats outside an organization’s protection boundary, creating phishing and malware delivery risk. Ontinue says Microsoft Defender for Office 365 protections may not apply once a user accepts a guest invite in an external tenant. The issue matters because an attacker can host the conversation in a malicious Microsoft 365 tenant with weaker or missing defenses, bypassing expected Teams email/chat protections. Organizations can reduce exposure by tightening B2B collaboration and cross-tenant access controls.

Related Happenings

Microsoft Teams on macOS repeated location-prompt service disruption

Service Disruption
First: 19.05.2026 19:10 Last: 19.05.2026 19:10 Sources 1

About this happening: Microsoft confirmed a **Microsoft Teams on macOS** service disruption that causes **non-dismissible location prompts** for some users, interrupting normal app use for those who en...

KongTuke Microsoft Teams initial access campaign

Campaign
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

Microsoft Edge regression disrupts Teams meeting joins

Service Disruption
First: 23.04.2026 16:18 Last: 23.04.2026 16:18 Sources 1

About this happening: A **Microsoft Edge** regression is preventing some **Windows** users from joining **Microsoft Teams** meetings, causing a limited-scope access disruption for scheduled and link-ba...

Microsoft Teams remote assistance abuse mitigation

Advisory/Mitigation
First: 20.04.2026 18:11 Last: 20.04.2026 18:11 Sources 1

About this happening: **Microsoft** issued mitigation guidance to curb **Teams-adjacent remote assistance abuse**, warning that external contacts should be treated as untrusted and that **remote assist...

Microsoft Entra device code phishing and vishing campaign

Campaign
First: 19.02.2026 14:30 Last: 19.02.2026 14:30 Sources 1

About this happening: A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...

Timeline

  1. 28.11.2025 10:33 · 2 articles

    Microsoft Teams guest access can bypass Defender protection

    Technical Analysis Update

    Ontinue identified a cross-tenant blind spot in Microsoft Teams guest access where Microsoft Defender for Office 365 protections may not apply after a user accepts a guest invitation to an external tenant. A malicious Microsoft 365 tenant using Teams Essentials or Business Basic can invite a target by email, move the conversation outside the victim organization’s security boundary, and deliver phishing links or malware-laced attachments without Safe Links or Safe Attachments scans. Organizations can reduce exposure by tightening B2B collaboration settings, using cross-tenant access controls, limiting external Teams communication, and training users to scrutinize unsolicited guest invitations.