// Alert

Microsoft 365 threat report

A debug flag (setIsDebugMode) left enabled in production code across Microsoft 365 Android apps allowed any co-installed application to silently steal Microsoft account tokens without user interaction. The vulnerability, dubbed FlagLeft, affected Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop, and OneNote apps, potentially exposing billions of Android users to account takeover. Microsoft patched all affected apps in May 2026 with CVE-2026-41100, CVE-2026-41101, and CVE-2026-41102 assigned.

// Get alerts for Microsoft 365