Storia in 7 fonti

A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

Raccontata dableepingcomputer.comthehackernews.comthenextweb.comdarkreading.comarstechnica.comcryptobriefing.commashable.com

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

thenextweb.comStai leggendo1 g fa

A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

originale

thehackernews.com1 g fa

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one trusted link.

Leggi questa versione → originale

bleepingcomputer.com1 g fa

New attack turned Microsoft 365 Copilot into 1-click data theft tool

A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL.

Leggi questa versione → originale

darkreading.com1 g fa

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.

Leggi questa versione → originale

arstechnica.com21 h fa

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

SearchLeak exploit shows why the industry's approach to LLM security fails over and over.

Leggi questa versione → originale

cryptobriefing.com20 h fa

Microsoft patches critical vulnerability in M365 Copilot that allowed silent data theft

Microsoft fixed CVE-2025-32711, a critical zero-click vulnerability in M365 Copilot that allowed silent exfiltration of emails, 2FA codes, and documents via

Leggi questa versione → originale

Timeline cronologica

1. lunedì 15 giugno 2026·bleepingcomputer.com
   

   New attack turned Microsoft 365 Copilot into 1-click data theft tool

   A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint…

2. lunedì 15 giugno 2026·thehackernews.com
   

   One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

   Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one trusted link.

3. lunedì 15 giugno 2026·thenextweb.com
   

   A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

   Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

4. lunedì 15 giugno 2026·darkreading.com
   

   Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

   The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.

5. martedì 16 giugno 2026·arstechnica.com
   

   Critical Copilot vulnerability allowed hackers to seal 2FA code from users

   SearchLeak exploit shows why the industry's approach to LLM security fails over and over.

6. martedì 16 giugno 2026·arstechnica.com
   

   Critical Copilot vulnerability allowed hackers to steal 2FA code from users

   SearchLeak exploit shows why the industry's approach to LLM security fails over and over.

7. martedì 16 giugno 2026·cryptobriefing.com
   

   Microsoft patches critical vulnerability in M365 Copilot that allowed silent data theft

   Microsoft fixed CVE-2025-32711, a critical zero-click vulnerability in M365 Copilot that allowed silent exfiltration of emails, 2FA codes, and documents via

8. martedì 16 giugno 2026·mashable.com
   

   This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

   This sneaky attack tricks Microsoft's AI assistant to hand over your data.