One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search.

Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Dutch Railways offers unlimited off-peak train travel nationwide for €49/month

Dutch Railways offers unlimited off-peak train travel nationwide for €49/month Source: Hacker News

Read More

Attack Update: Top 5 Attack-IPs auf doode.info – 15.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 89.167.35.212 — 153 requests (recent log) 213.209.159.175 — 59 requests (recent log) 192.253.248.169 — 59 requests (recent

Read More

The Competitive Moat That AI Can’t Replicate

The Competitive Moat That AI Can’t Replicate Source: Hacker News

Read More