MuddyWater uses 'false flag' ransomware in Iranian state-sponsored attacks

The Iranian state-sponsored hacking group MuddyWater (also known as Mango Sandstorm, Seedworm, and Static Kitten) has been implicated in a “false flag” ransomware attack, according to a report from Rapid7. This incident, observed in early 2026, shows increasing sophistication and an attempt to blur attribution by adopting cybercrime tactics.

False Flag Attack and Sophisticated Tactics

The initial attack appeared consistent with a ransomware-as-a-service (RaaS) group operating under the Chaos brand. However, evidence suggests this is a state-backed targeted attack disguised as opportunistic extortion. ...

May 6, 2026 · Comfidentia

Teams Vulnerability Allows Microsoft Defender Bypass Through Guest Access

Ontinue security researchers have discovered a “cross-tenant blind spot” in Microsoft Teams that allows attackers to bypass Microsoft Defender for Office 365 protections using the guest access feature. The problem is that when a user operates as a guest in an external tenant, their security protections are determined entirely by the hosting environment, and not by the security policies of their home organization. This fundamental architectural gap opens the door to attack scenarios where users become unprotected guests in a malicious environment controlled by the attacker. ...

November 28, 2025 · Comfidentia