Storia in 7 fonti

SearchLeak apre la strada al furto dati su Microsoft 365 Copilot

La vulnerabilità SearchLeak dimostra come la combinazione di prompt injection, race condition e SSRF possa trasformare Microsoft 365 Copilot in uno strumento involontario di esfiltrazione dati. Un episodio che conferma come la sicurezza dell’AI dipenda anche da integrazioni, autorizzazioni e governance dei dati

Raccontata da

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

cybersecurity360.itStai leggendo5 h fa

SearchLeak apre la strada al furto dati su Microsoft 365 Copilot

originale

ilsoftware.it9 h fa

Falla critica in Microsoft Copilot esponeva codici di autenticazione e dati aziendali

SearchLeak mostra come Microsoft 365 Copilot potesse essere usato per rubare email, codici MFA e documenti aziendali.

Leggi questa versione → originale

bleepingcomputer.com2 g fa

New attack turned Microsoft 365 Copilot into 1-click data theft tool

A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL.

Leggi questa versione → originale

darkreading.com1 g fa

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.

Leggi questa versione → originale

arstechnica.com1 g fa

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

SearchLeak exploit shows why the industry's approach to LLM security fails over and over.

Leggi questa versione → originale

thenextweb.com2 g fa

A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

Leggi questa versione → originale

Timeline cronologica

lunedì 15 giugno 2026·bleepingcomputer.com
New attack turned Microsoft 365 Copilot into 1-click data theft tool
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint…
lunedì 15 giugno 2026·thehackernews.com
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one trusted link.
lunedì 15 giugno 2026·thenextweb.com
A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.
Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.
lunedì 15 giugno 2026·darkreading.com
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft
The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
martedì 16 giugno 2026·arstechnica.com
Critical Copilot vulnerability allowed hackers to seal 2FA code from users
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.
martedì 16 giugno 2026·arstechnica.com
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.
mercoledì 17 giugno 2026·ilsoftware.it
Falla critica in Microsoft Copilot esponeva codici di autenticazione e dati aziendali
SearchLeak mostra come Microsoft 365 Copilot potesse essere usato per rubare email, codici MFA e documenti aziendali.
mercoledì 17 giugno 2026·cybersecurity360.it
SearchLeak apre la strada al furto dati su Microsoft 365 Copilot
La vulnerabilità SearchLeak dimostra come la combinazione di prompt injection, race condition e SSRF possa trasformare Microsoft 365 Copilot in uno strumento involontario di…

SearchLeak apre la strada al furto dati su Microsoft 365 Copilot

Falla critica in Microsoft Copilot esponeva codici di autenticazione e dati aziendali

New attack turned Microsoft 365 Copilot into 1-click data theft tool

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

Timeline cronologica

New attack turned Microsoft 365 Copilot into 1-click data theft tool

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Falla critica in Microsoft Copilot esponeva codici di autenticazione e dati aziendali

SearchLeak apre la strada al furto dati su Microsoft 365 Copilot

SearchLeak apre la strada al furto dati su Microsoft 365 Copilot

Falla critica in Microsoft Copilot esponeva codici di autenticazione e dati aziendali

New attack turned Microsoft 365 Copilot into 1-click data theft tool

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

Timeline cronologica

New attack turned Microsoft 365 Copilot into 1-click data theft tool

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a Microsoft link could have drained your inbox. Here's how SearchLeak worked.

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Falla critica in Microsoft Copilot esponeva codici di autenticazione e dati aziendali

SearchLeak apre la strada al furto dati su Microsoft 365 Copilot