Forum Discussion
O365 cyber security information
Microsoft has a lot of documentation, white papers and such on how secure Office 365 is and the methods plus processes around this. You'll find a lot of information in the https://servicetrust.microsoft.com/ and https://www.microsoft.com/en-us/trustcenter/cloudservices/office365. Also, I have put together some of these related white papers in this https://gallery.technet.microsoft.com/exchange/Office-365-Security-and-555f4d81.
There is also the official blog of the https://blogs.technet.microsoft.com/office365security/ but it's infrequently updated. Also, the Security, Privacy and Compliance Blog and https://cloudblogs.microsoft.com/microsoftsecure/ are available.
What you don't always see is an acknowledgement of particular vulnerabilities, that I have noticed anyway. A recent example is baseStriker if there was an official public response, I can't find it. https://www.avanan.com/resources/basestriker-vulnerability-office-365 bypassed email checks on malicious links by splitting the base domain and path separately. While this got fixed, taking a couple of weeks, it was only the researcher who discovered the issue that disclosed this resolution.
For O365/Azure security, stick to a mix of official and community sources. The Microsoft Security Blog and Microsoft Security Response Center are key for real threats, vulnerabilities, and updates.
You can also follow The Hacker News or Krebs on Security for independent insights.
Overall, O365 is secure, but most risks come from misconfigurations—so staying updated and monitoring your tenant is critical.