Skip to main content

Tag: microsoft 365 copilot

4 articles

Laptop on office desk surrounded by papers and supplies with a blurred screen.

Microsoft 365 Copilot Exploited in 1-Click Data Theft Attack

A critical vulnerability in Microsoft 365 Copilot Enterprise, known as SearchLeak, could be exploited with just one click to steal sensitive data from mailboxes, OneDrive, and SharePoint. Fortunately, Microsoft has patched the flaw, CVE-2026-42824, and no user action is required to stay safe.

Analyst 207
Sneaky Mermaid attack: Exclusive Copilot data breach alert

Sneaky Mermaid attack: Exclusive Copilot data breach alert

A clever Sneaky Mermaid indirect prompt injection showed how hidden instructions buried in files could trick Microsoft 365 Copilot into leaking tenant data. Microsoft says it patched this specific flaw, but security teams warn the broader risk of stealthy, embedded prompt attacks is far from over.

Analyst 207
Microsoft 365 Copilot Exclusive: Dangerous Mermaid Attack

Microsoft 365 Copilot Exclusive: Dangerous Mermaid Attack

The Mermaid attack revealed how a hidden prompt in an otherwise harmless file could trick Microsoft 365 Copilot into spilling emails and attachments. Microsoft patched the gap, but the episode is a clear reminder that giving AI broad access can turn convenience into a new, exploitable data risk.

Analyst 207
Sneaky Mermaid attack: Exclusive critical Copilot leak

Sneaky Mermaid attack: Exclusive critical Copilot leak

Researchers uncovered a Sneaky Mermaid trick that hid malicious instructions inside ordinary files to make Microsoft 365 Copilot leak tenant emails and attachments. Microsoft patched the specific vector, but the episode is a wake-up call about how AI assistants can be manipulated and why teams must shore up their digital defenses.

Analyst 207