Last scanned 19 hours ago
Not yet scanned
Not yet scanned
Not yet scanned
Microsoft disclosed three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat that have been fully remediated. These vulnerabilities could have exposed sensitive information to unauthorized access.
A critical zero-day vulnerability (CVE-2026-32201) in Microsoft SharePoint is being actively exploited in the wild, with over 1,300 server instances currently exposed. This represents a confirmed vulnerability with active exploitation against a Microsoft 365 component.
Microsoft and CISA warned of an actively exploited zero-click Windows vulnerability that can expose systems to attack. The flaw represents a confirmed security incident affecting Windows systems, though the article indicates Microsoft's previous patch for a related 0-day was insufficient.
A Copilot privacy setting was identified that can access and pull data from other Microsoft services (Bing, MSN, Edge) to personalize responses, raising data handling and privacy concerns. This represents a configuration/privacy practice issue requiring investigation and potential user notification rather than a confirmed active breach.
Microsoft faces a UK antitrust lawsuit from Slack and Salesforce alleging anticompetitive bundling practices with Microsoft Teams. This is a regulatory/legal action rather than a security incident, but represents significant legal and compliance risk to the Microsoft 365 vendor.
Mandiant identified UNC6692 threat actors exploiting Microsoft Teams to impersonate IT help desk personnel and deploy SNOW malware, with 77% of attacks targeting senior corporate staff. This represents a confirmed active incident leveraging Microsoft 365 infrastructure as an attack vector for credential theft and malware distribution.
Track score changes, new CVEs, and breach news automatically.
Start free monitoring - no credit cardGet daily risk scores, breach alerts, and compliance reports for all your SaaS tools.
Start free - 30 day trial