Microsoft Teams is introducing a “Chat with Anyone” feature, set for rollout in early November 2025, that lets users start a chat using only an email address, whether or not the invitee is a Teams user. The capability has raised security concerns because it could facilitate phishing scams and malware distribution, potentially leading to sensitive data leaks. Because guests can be invited by email alone, phishing actors could manipulate legitimate invites to trick users into opening malicious links or providing credentials. Security researchers have pointed out that the feature mirrors tactics employed in OAuth phishing campaigns, which adds to the threat.
Moreover, the lack of prior validation for external participants may result in inadvertent data exposure, as employees could unknowingly share proprietary information with impostors. In hybrid working environments, compromised contacts can enable attackers to eavesdrop or escalate privileges, which heightens the risk. To mitigate the risks, Microsoft recommends disabling the feature using PowerShell and implementing multi-factor authentication, alongside regular policy audits and user training against phishing. As Teams evolves, balancing innovation and security is vital to keep convenient features from becoming gateways for cybercriminals.
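The PowerShell mitigation and policy audit mentioned above could look like the following added example, which is not from the original article or from Microsoft. It assumes the MicrosoftTeams module, a Teams administrator session, and that the feature is controlled by the `UseB2BInvitesToAddExternalUsers` setting on Teams messaging policies, a name this page does not give.

```powershell
# Added example: audit and disable "Chat with Anyone" across all messaging policies.
# Assumption: the controlling setting is UseB2BInvitesToAddExternalUsers (not named on the page).
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

$setting  = 'UseB2BInvitesToAddExternalUsers'
$policies = @(Get-CsTeamsMessagingPolicy)

# An older module will not expose the setting; stop rather than report a false "clean".
if ($policies[0].PSObject.Properties.Name -notcontains $setting) {
    throw "Setting '$setting' not found. Update the MicrosoftTeams module and retry."
}

# Audit: one row per policy with the current value of the setting.
$report = foreach ($p in $policies) {
    [pscustomobject]@{
        Identity = $p.Identity
        Enabled  = $p.$setting
    }
}
$report | Sort-Object Identity | Format-Table -AutoSize

# Remediate: disable the setting in every policy where it is not already $false.
# Custom policies are returned as "Tag:<name>", while Set- expects the bare name.
foreach ($row in $report | Where-Object { $_.Enabled -ne $false }) {
    $id = $row.Identity -replace '^Tag:', ''
    # -WhatIf previews the change; remove it to apply.
    Set-CsTeamsMessagingPolicy -Identity $id -UseB2BInvitesToAddExternalUsers $false -WhatIf
}
```

Re-running the audit half on a schedule covers the regular policy audits the recommendation calls for, since newly created custom policies are picked up automatically.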
👉 Read the original: Cyber Security News