Hackers turn Microsoft 365 Copilot into a one-click data theft tool
Varonis uncovered “SearchLeak,” chaining three flaws in Microsoft 365 Copilot to enable one‑click data theft Attack exploited prompt injection, HTML race condition, and Bing SSRF to exfiltrate inbox, OneDrive, and SharePoint data Microsoft patched CVE‑2026‑42824 earlier this month, rating it 10/10 … …