The Hacker News

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Debug flag disabled Microsoft 365 Android token checks, letting untrusted apps access accounts; patches issued May 12 to ...
Android

Billions of Microsoft Apps Users Were Left Vulnerable to Account Hack: Here's How

Security researchers at Enclave have detailed “FlagLeft,” a critical vulnerability affecting six Microsoft 365 apps on Android, including Word, Excel, and Copilot. The issue stemmed from a single ...