One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search.

Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

From Assistive to Agentic: The AI Shift That’s Redefining Threat Management

From Assistive to Agentic: The AI Shift That’s Redefining Threat Management Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal

Read More

Curl will not accept vulnerability reports during July 2026

Curl will not accept vulnerability reports during July 2026 Source: Hacker News

Read More

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known

Read More