This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

This sneaky attack tricks Microsoft's AI assistant to hand over your data.

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

Microsoft Copilot vulnerability could allow attackers to exfiltrate 2FA codes and enterprise data

Security researchers identify "SearchLeak" vulnerability in Microsoft Copilot that allows attackers to exfiltrate 2FA codes ...
CPO Magazine

“SearchLeak” Copilot Vulnerability Chain Turns the AI Assistant Into a Data Theft Partner

The Copilot vulnerability chain requires three steps, two of which are old-fashioned injections and request forgeries. But ...

SearchLeak: Critical Microsoft 365 Copilot Flaw Enabled One-Click Theft of Emails, Security Codes and Enterprise Data

Researchers uncovered SearchLeak, a critical Microsoft 365 Copilot flaw that could let attackers steal emails, OTPs and ...
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...

Oracle issues out-of-band warning about critical PeopleSoft code injection flaw

Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.