New research from Check Point reveals how hackers can alter messages, spoof notifications, and impersonate executives in Microsoft Teams, exposing a rising risk in which digital trust has become the most vulnerable part of workplace collaboration.
Imagine this: a company employee receives an urgent message on Microsoft Teams. It appears legitimate, with the sender’s name, profile photo, and chat history all matching. But the person behind the message isn’t a trusted colleague, it’s an attacker.
This scenario is at the heart of Check Point Research’s latest findings, which uncover critical vulnerabilities in Microsoft Teams, a platform used by over 320 million people each month. The flaws allow attackers to manipulate messages, spoof notifications, and even impersonate high-level company executives.
Basically, attackers can infiltrate corporate channels and alter what employees see, rewriting message content, changing names in private chats, or sending fake alerts that look completely authentic.
Check Point Research discovered that both external guest users and malicious insiders can exploit these weaknesses. In one case, messages could be edited after they are sent without the usual “Edited” label appearing. In another, notifications could be faked to appear to come from a trusted source. Even caller IDs in video or audio chats can be forged by simply manipulating call requests.
The vulnerabilities, reported to Microsoft in March 2024 and tracked as CVE-2024-38197, were fixed throughout 2024 and 2025. But Check Point warns that the issue goes beyond a single platform: as email phishing becomes less effective, attackers are increasingly targeting collaboration tools, exploiting the trust users place in internal systems.
“This vulnerabilities hit the core of digital trust. Collaboration platforms like Teams are now just as important as email and equally vulnerable. Our research shows that threat actors no longer need to break in; they just need to manipulate trust. Organizations must now protect what people believe, not only what systems process.
As AI speeds up both collaboration and cybercrime, a prevention-first security approach will determine which organizations stay resilient. Seeing isn’t believing anymore; verification is,” said Oded Vanunu, Head of Product Vulnerability Research at Check Point.
The Microsoft Teams vulnerabilities illustrate a wider problem: collaboration platforms are becoming the new battleground. Just as email became the main entry point for phishing and business email compromise (BEC), workplace apps now offer rich opportunities for manipulation.
Unlike technical exploits that rely on breaking encryption or bypassing firewalls, these attacks subvert trust signals. A notification, a display name, a quoted message, all of these are subtle cues employees depend on to identify who they are talking to and what was said. If attackers can manipulate those cues, they can influence decision-making itself.