Live Feeds

New attack turned Microsoft 365 Copilot into 1-click data theft tool

Microsoft addressed two critical flaws in 365 Copilot that allowed data exfiltration. One vulnerability enabled the theft of MFA codes via one-click command injection. Another zero-click flaw allowed attackers to steal files and chat logs using hidden prompts in emails.


What changed

New details identify specific CVEs, including a zero-click exploit called EchoLeak and a one-click MFA theft flaw.

Live updates

  1. Microsoft Patches Multiple Critical Copilot Data Theft Vulnerabilities

    Microsoft addressed two critical flaws in 365 Copilot that allowed data exfiltration. One vulnerability enabled the theft of MFA codes via one-click command injection. Another zero-click flaw allowed attackers to steal files and chat logs using hidden prompts in emails.

    What's confirmed:

    • CVE-2025-32711, known as EchoLeak or Copilot SearchLeak, is a zero-click indirect prompt injection vulnerability.
    • EchoLeak affects Copilot integrations in Teams, Outlook, PowerPoint, Excel, and Word.
    • CVE-2026-42824 allowed attackers to steal MFA codes using one-click command injection.
    • Microsoft issued a server-side patch for EchoLeak in June 2025.
    • The EchoLeak exploit bypasses the Cross-Prompt Injection Attempt classifier and Content Security Policy.

    Still unconfirmed:

    • The government issued a warning regarding the Microsoft 365 Copilot security flaw.
    confidence 90%
  2. Varonis Discloses CVE-2026-42824 SearchLeak Vulnerability in M365 Copilot

    A critical-severity attack chain allows external actors to steal enterprise data from Microsoft 365 Copilot tenants via a single click. The exploit can exfiltrate company files, emails, and authentication codes. Microsoft has addressed the flaw.

    What's confirmed:

    • Varonis Threat Labs disclosed CVE-2026-42824 on June 15, 2026.
    • The SearchLeak exploit enables an external attacker to exfiltrate sensitive enterprise data from a Microsoft 365 Copilot tenant with a single click.
    • The attack can steal company files, emails, and authentication codes.
    confidence 100%
  3. Microsoft Patches SearchLeak Data Theft Vulnerability in M365 Copilot

    Microsoft has fixed a critical vulnerability known as SearchLeak in M365 Copilot Enterprise. The flaw allowed attackers to steal files and 2FA codes using a single click via crafted URLs. This attack utilized parameter-to-prompt injections to compromise the target ecosystem.

    What's confirmed:

    • Microsoft patched the SearchLeak vulnerability identified as CVE-2026-42824.
    • The vulnerability allowed for data theft via a crafted URL.
    • The attack used parameter-to-prompt injections.

    Still unconfirmed:

    • The flaw allowed attackers to steal 2FA codes and files with a single click.
    confidence 90%
  4. Varonis Threat Labs Discloses SearchLeak Vulnerability in Microsoft 365 Copilot

    Varonis Threat Labs identified a vulnerability chain called SearchLeak that converts Microsoft 365 Copilot Enterprise Search into a data theft tool. The attack uses a parameter-to-prompt (P2P) injection to trick the AI into presenting malicious links, which allows attackers to steal data from a target's Microsoft ecosystem.

    What's confirmed:

    • Varonis Threat Labs disclosed the SearchLeak vulnerability chain on June 15, 2026.
    • The flaw turns Microsoft 365 Copilot Enterprise Search into a one-click data theft tool.
    • The attack bypasses Copilot safety controls to steal user data and evade detection.

    Still unconfirmed:

    • The vulnerability chain involves two classic injection and request-forgery flaws, triggered by a parameter-to-prompt (P2P) injection.
    confidence 100%
  5. Microsoft 365 Copilot flaw still enables 1-click data theft despite patch

    A critical vulnerability in Microsoft 365 Copilot Enterprise, called SearchLeak, allows attackers to steal emails, MFA codes, and documents via a single click on a legitimate Microsoft link. The flaw was patched in June but remains actively exploitable. Researchers confirm proof-of-concept attacks work without user interaction, using authentic Microsoft URLs to bypass security. Microsoft rates the flaw as critical, though industry experts question broader LLM security approaches.

    What's confirmed:

    • A critical vulnerability in Microsoft 365 Copilot Enterprise, dubbed SearchLeak (CVE-2026-42824), allows attackers to exfiltrate sensitive data including emails, passwords, calendar events, and SharePoint documents through a malicious URL.
    • The flaw was addressed in a June patch but remains actively exploitable.
    • Attackers can bypass security with a single click on a legitimate Microsoft link.
    • The exploit chains three bugs into a single attack for data theft.
    • Proof-of-concept attacks work without requiring user interaction.
    • Microsoft rates the flaw as critical.

    Still unconfirmed:

    • Industry experts question broader LLM security approaches, though specifics remain unclear.
    confidence 93%
  6. Microsoft 365 Copilot flaw still exploited for silent data theft via one click

    A critical vulnerability in Microsoft 365 Copilot Enterprise, called SearchLeak, allows attackers to steal emails, MFA codes, and documents with a single click on a legitimate Microsoft link. The flaw was patched in June but remains actively exploitable. Researchers confirm proof-of-concept attacks work without user interaction, using authentic Microsoft URLs to bypass security. Microsoft rates the flaw as critical, though industry experts question broader LLM security approaches.

    What's confirmed:

    • A single click on a trusted Microsoft domain link can silently steal sensitive corporate data, including emails, MFA codes, calendar details, and confidential files, with no user interaction beyond the click.
    • The vulnerability, named SearchLeak, was patched in June but remains exploitable in active environments.
    • Attackers chain an AI prompt-injection bug with two classic web flaws to turn Copilot Enterprise Search into a silent data-theft tool.
    • Microsoft rates the flaw as critical, though severity assessments vary among researchers.

    Still unconfirmed:

    • The industry's approach to LLM security is fundamentally flawed due to repeated vulnerabilities like SearchLeak.
    confidence 92%
  7. Microsoft 365 Copilot flaw still enables 1-click data theft despite patch

    A critical vulnerability in Microsoft 365 Copilot Enterprise, called SearchLeak, allows attackers to steal emails, documents, and meeting details with a single click on a trusted Microsoft domain link. The flaw remains exploitable despite a June patch, while a separate phishing kit targets Microsoft 365 tokens. Researchers confirm proof-of-concept attacks work without user interaction, exploiting authentic Microsoft URLs to bypass security controls. Microsoft rates the flaw as critical, though severity assessments vary.

    What's confirmed:

    • A vulnerability chain called SearchLeak allows attackers to exfiltrate sensitive Microsoft 365 Copilot Enterprise data through a single click on a legitimate Microsoft domain link.
    • The attack bypasses traditional security controls because it uses authentic Microsoft.com URLs, making it harder for anti-phishing tools to detect.
    • Researchers have confirmed proof-of-concept attacks exploiting SearchLeak work without requiring user interaction beyond clicking a malicious link.
    • Microsoft has rated the SearchLeak flaw as critical, though severity scores from other assessments vary.

    Still unconfirmed:

    • No confirmed link exists between the SearchLeak vulnerability and the Kali365 phishing kit, though both highlight ongoing risks in Microsoft 365 environments.
    confidence 95%
  8. Microsoft Copilot flaw turned into 1-click data theft tool despite patch

    A patched flaw in Microsoft 365 Copilot Enterprise, called SearchLeak, allows attackers to steal emails, documents, and meeting details with a single click on a trusted Microsoft domain link. Exploitation persists despite a June patch, while a separate phishing kit targets Microsoft 365 tokens. Microsoft calls the flaw critical, but CVSS scores vary. No confirmed link exists between SearchLeak and the Kali365 phishing kit, though both highlight ongoing risks. Researchers confirm proof-of-concept attacks worked without user interaction.

    What's confirmed:

    • A single click on a legitimate Microsoft domain link could exfiltrate emails, calendar details, and indexed files from Microsoft 365 Copilot Enterprise Search without user prompts or additional interaction.
    • The vulnerability chain, named SearchLeak, bypassed traditional anti-phishing and URL filtering tools due to the use of a real microsoft.com domain.
    • Microsoft assigned CVE-2026-42824 to the flaw and marked it as critical, though CVSS scores conflict—6.5 from Microsoft and 7.5 from the National Vulnerability Database.
    • The flaw was mitigated on Microsoft’s backend in early June, meaning customers require no additional action, though researchers demonstrated a proof-of-concept attack.
    • Data exfiltration via SearchLeak worked even after users closed chat windows, indicating persistent access.
    • A separate single-click attack targeting Microsoft Copilot Personal allowed silent exfiltration of sensitive user data via phishing links, now patched.
    • No confirmed evidence links SearchLeak to the Kali365 phishing kit, which maintains access after multi-factor authentication resets.

    Still unconfirmed:

    • Active exploitation of the SearchLeak flaw persists despite the patch, though this has not been independently verified beyond researcher observations.
    • The Kali365 phishing kit may be leveraging similar techniques to SearchLeak, but no direct connection has been confirmed.
    confidence 92%
  9. Microsoft 365 Copilot flaw SearchLeak still exploited via 1-click theft attack

    A critical vulnerability chain in Microsoft 365 Copilot Enterprise, called SearchLeak, allows attackers to steal emails, documents, and meeting details with a single click. Microsoft patched the flaw in early June, but new evidence suggests active exploitation persists. Separately, a phishing kit called Kali365 targets Microsoft 365 tokens, maintaining access even after multi-factor authentication resets. No confirmed evidence links SearchLeak to Kali365, but both highlight ongoing risks in Microsoft’s security posture.

    What's confirmed:

    • A vulnerability chain named SearchLeak in Microsoft 365 Copilot Enterprise lets attackers steal sensitive data—including emails, documents, and meeting details—with a single malicious link.
    • The flaw combines three separate vulnerabilities to bypass standard security protections, including those for multi-factor authentication and user permissions.
    • Microsoft applied a server-side patch for SearchLeak in early June, but no user action was required to mitigate the risk.
    • Varonis researchers disclosed the SearchLeak chain, detailing how attackers could craft links to trigger data exfiltration without triggering alerts.
    • A phishing kit called Kali365 targets Microsoft 365 users by stealing authentication tokens and maintaining access even after password or MFA resets.
    • Kali365 operates through Tencent Cloud and is designed to evade detection by persisting beyond standard credential revocation methods.

    Still unconfirmed:

    • Attackers are actively exploiting the SearchLeak vulnerability chain in the wild, though no confirmed cases of exploitation have been publicly reported.
    • The Kali365 phishing kit may be linked to the same threat actors behind SearchLeak, though no direct evidence connects the two campaigns.
    confidence 95%
  10. Microsoft 365 Copilot patched after one-click data theft flaw

    Microsoft fixed a critical flaw in Copilot Enterprise Search called SearchLeak that allowed attackers to steal emails, MFA codes, files, and meeting details with a single click. The attack chained three vulnerabilities and bypassed standard protections. No evidence of active exploitation has been reported. Microsoft applied a server-side patch in early June without requiring user action.

    What's confirmed:

    • Microsoft patched a critical vulnerability chain in Microsoft 365 Copilot Enterprise Search, named SearchLeak (CVE-2026-42824), which allowed attackers to exfiltrate sensitive data—including emails, MFA codes, OneDrive/SharePoint files, and calendar events—with a single click.
    • The attack relied on three flaws: a parameter-to-prompt injection via the URL 'q' parameter, an HTML rendering race condition, and a Bing server-side request forgery (SSRF) that bypassed Content Security Policy protections.
    • The exploit used a legitimate microsoft.com domain, making it difficult for standard URL filtering and anti-phishing tools to detect.
    • Microsoft applied a server-side fix at the beginning of June 2026, requiring no action from customers.
    • Varonis disclosed a proof-of-concept but reported no observed in-the-wild exploitation of the flaw.
    • The vulnerability affected Microsoft 365 Copilot Enterprise Search specifically, not the broader Copilot platform.

    Still unconfirmed:

    • A separate CoPhish attack using Microsoft Copilot agents to steal OAuth tokens has been reported, but details remain unverified.
    confidence 95%