Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft 365 Android apps token-sharing flaw (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft 365 Android apps were exposed by a leftover setIsDebugMode(true) flag that let same-device apps steal account tokens and act as the signed-in user. The flaw could expose email, files, calendar data, and messaging across Word, PowerPoint, Excel, Microsoft 365 Copilot, Loop, and OneNote. Microsoft patched the issue and issued four CVEs on May 12. There is no public evidence of exploitation before the fix.

Related Happenings

Google Android Developer Verifier enforcement rollout for verified app installs

Security Tool/Service
H score14 First: 22.06.2026 15:45 Last: 22.06.2026 15:45 Sources 1

About this happening: Google is enforcing Android developer verification on September 30, 2026, blocking normal installs of unverified apps on certified Android phones in Brazil, Indonesia, S...

Microsoft Office launch disruption after June 2026 Windows updates

Service Disruption
H score0 First: 17.06.2026 14:54 Last: 17.06.2026 14:54 Sources 1

About this happening: Microsoft is investigating a Windows update-related disruption that can stop third-party applications from launching Word, Excel, PowerPoint, Access or opening documen...

EvilTokens Microsoft 365 consent phishing campaign

Campaign
H score39 First: 19.05.2026 14:30 Last: 19.05.2026 14:30 Sources 1

About this happening: The EvilTokens campaign rapidly compromised more than 340 Microsoft 365 organizations across five countries, showing how OAuth grant abuse can bypass MFA and c...

Tycoon2FA device-code phishing campaign targeting Microsoft 365

Campaign
H score46 First: 17.05.2026 17:43 Last: 17.05.2026 17:43 Sources 1

About this happening: The Tycoon2FA phishing operation added device-code phishing to hijack Microsoft 365 accounts, expanding its ability to steal access tokens and reach email, calendar, a...

Microsoft Windows 365 Office installation disruption

Service Disruption
H score0 First: 13.05.2026 14:53 Last: 13.05.2026 14:53 Sources 1

About this happening: The Windows 365 service update has introduced a configuration change that is blocking Office downloads and installs for some customers, disrupting access on cloud PCs....

Timeline

  1. 03.06.2026 17:56 1 articles · 1mo ago

    Microsoft patches Microsoft 365 Android token-sharing flaw

    Mitigation Patch Update

    Microsoft issued four CVEs on May 12 for a token-sharing bypass in Microsoft 365 Android apps, covering Microsoft 365 Copilot, Word, PowerPoint, and Excel. The same flaw also affected Loop and OneNote, and the patched Word build for Android was 16.0.19822.20190.

    Show sources
  2. 03.06.2026 17:56 2 articles · 1mo ago

    Enclave finds token-sharing bypass in Microsoft 365 Android apps

    Initial Disclosure

    Enclave's Yanir Tsarimi and Ofek Levin found that a leftover setIsDebugMode(true) flag in production builds of several Microsoft 365 Android apps skipped the check meant to limit account-token sharing to trusted Microsoft apps. The flaw let another app on the same phone obtain FOCI refresh tokens and use them to read email, open files, browse calendars, and send messages as the signed-in user.

    Show sources