O365 cyber security information

Microsoft has a lot of documentation, white papers and such on how secure Office 365 is and the methods plus processes around this.  You'll find a lot of information in the https://servicetrust.microsoft.com/ and https://www.microsoft.com/en-us/trustcenter/cloudservices/office365. Also, I have put together some of these related white papers in this https://gallery.technet.microsoft.com/exchange/Office-365-Security-and-555f4d81. 

There is also the official blog of the https://blogs.technet.microsoft.com/office365security/ but it's infrequently updated. Also, the Security, Privacy and Compliance Blog and https://cloudblogs.microsoft.com/microsoftsecure/ are available. 

What you don't always see is an acknowledgement of particular vulnerabilities, that I have noticed anyway.  A recent example is baseStriker if there was an official public response, I can't find it.  https://www.avanan.com/resources/basestriker-vulnerability-office-365 bypassed email checks on malicious links by splitting the base domain and path separately.  While this got fixed, taking a couple of weeks, it was only the researcher who discovered the issue that disclosed this resolution.