New attack turned Microsoft 365 Copilot into 1-click data theft tool
Microsoft 365 Copilot flaw exposed: attackers could steal emails, files, and MFA codes with a single click
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
The flaw enabled one-click theft of emails, documents, and multi-factor authentication (MFA) codes by manipulating Copilot’s search functionality. Coverage highlights the severity of the issue, with reports from *The Hacker News*, *BleepingComputer*, and *The420.in* emphasizing the potential for widespread corporate data breaches if left unpatched.
Microsoft’s response included urgent updates across its enterprise suite, though details on the scope of exploitation remain unclear. Security firms are expected to release deeper technical breakdowns, while Microsoft may face scrutiny over Copilot’s security safeguards.
Watch for updates on whether similar vulnerabilities exist in other AI-driven enterprise tools.
Synthesized by PULSE from the headlines below under a strict no-invention contract. ✓ fact-checked: unsupported claims removed (56% supported) Updated 41m ago.
Quick answers
What exactly was the SearchLeak flaw?
A critical vulnerability in Microsoft 365 Copilot that allowed attackers to manipulate its search function to steal emails, files, and MFA codes with a single click, according to security reports.
Has Microsoft confirmed how many users were affected?
Coverage does not yet specify the number of impacted users, but the flaw required patching across Microsoft 365 Copilot deployments.
Are there other AI tools at risk from similar flaws?
While the flaw is specific to Microsoft 365 Copilot, security experts may investigate whether comparable risks exist in other AI-powered enterprise tools.
Coverage (3)
- Microsoft Patches Critical SearchLeak Flaw in 365 Copilot The420.in · 3h ago
- One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes The Hacker News · 3h ago
- New attack turned Microsoft 365 Copilot into 1-click data theft tool BleepingComputer · 3h ago
Topics
Related trends
Sunday Preview – Hedonites head into battle along with a new General’s Handbook
AMD Explains FSR 4.1 Upscaling for RDNA 3, Promises Quality Parity with RDNA 4
AMD announces FSR 4.1 for RDNA 3 hardware, aiming to match the output quality of upcoming RDNA 4 architectures.
If You're Itching for a Gothic Action RPG, Mistfall Hunter's Free Open Beta Is Now Live on PS5
The open beta for the dark fantasy extraction RPG Mistfall Hunter has launched across multiple gaming platforms.
Assassin's Creed Shadows 1.1.11 update announced, patch notes - new story quest, Nintendo Switch 2 handheld GPU improvements, more
Ubisoft’s *Assassin’s Creed Shadows* closes its chapter with a major update—linking to *Black Flag* and teasing Switch 2 optimizations.