Microsoft Teams is a tool tracked across 50 threat clusters and 182 intelligence report mentions on ThreatCluster. First observed October 29, 2025; most recent activity July 14, 2026.
In early 2026, the Iranian APT group MuddyWater, affiliated with the Ministry of Intelligence and Security, executed a sophisticated cyber operation disguised as a Chaos ransomware attack. Utilizing social engineering…
On March 11, 2026, the Iranian-linked hacking group Handala executed a significant cyberattack on Stryker, a major U.S. medical technology company, causing a global disruption across its Microsoft environment. The…
Palo Alto Networks has issued a high-priority security update for a critical vulnerability tracked as CVE-2026-0234. This flaw affects the Microsoft Teams integration within the Cortex XSOAR and Cortex XSIAM platforms.…
Denis Obrezko, a 36-year-old Russian national, was arrested in Thailand and extradited to the US, where he faces charges for facilitating a cyber espionage campaign linked to the group Void Blizzard. This group has…
A North Korea-linked threat actor, UNC1069, is executing a targeted campaign aimed at cryptocurrency and Web3 professionals. The attackers lure victims into fake Zoom, Google Meet, and Microsoft Teams meetings, where…
Threat actors linked to North Korea, identified as UNC1069, are using fake Microsoft Teams domains to execute social engineering attacks and distribute malware. These attacks target corporate users by mimicking the…
The US Department of Justice and the Treasury have launched a coordinated crackdown on Southeast Asian scam centers, resulting in criminal charges against multiple individuals, including a Cambodian senator. The Scam…
The newly identified Pink extortion group has emerged, utilizing voice phishing (vishing) tactics to gain access to Microsoft 365 accounts. Researchers from Unit 42 have tracked the group under cluster designation…
A new ransomware campaign linked to the Payouts King group employs a malicious Microsoft Edge extension called 'Edgecution' to exploit the Chrome native messaging protocol. This attack allows the malware to escape the…
On May 19, 2026, Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) operation that provided over 1,000 fraudulent code-signing certificates to cybercriminals, enabling them to disguise malware as…