This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

This sneaky attack tricks Microsoft's AI assistant to hand over your data.
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.
The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...

With Just 1 Click, Researchers Figured Out How to Hijack Microsoft Copilot to Steal Your Data

A recent Microsoft Copilot exploit demonstrates how AI can make existing cybersecurity bugs even more virulent.
winbuzzer.com

Microsoft Patches Copilot SearchLeak Data-Theft Flaw

Microsoft has patched CVE-2026-42824 after security researchers at Varonis Threat Labs demonstrated a SearchLeak proof-of-concept against its enterprise search assistant. The current chain could push ...
Windows Report

Microsoft Fixes Critical Copilot SearchLeak Vulnerability That Could Expose Emails and Files

Microsoft has fixed a critical vulnerability in Microsoft 365 Copilot Enterprise Search that could have allowed attackers to steal sensitive corporate data with a single click. The flaw, dubbed ...
GhanaWeb - Ghana HomePage

Microsoft 365 Copilot vulnerability: what Ghanaian office workers need to know

A critical Microsoft 365 Copilot flaw let hackers steal emails and documents with one click. Here's what happened and how to stay safe.