A single click on a crafted link could cause M365 Copilot to search your mailbox and mail the results via Bing. No typing, no download, no warning. 3 old low-severity bugs stitched together by prompt injection into one critical hole.
www.bleepingcomputer.com/news/securit...
#AI #Cybersecurity
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a sp...
