Blog/Cybersecurity/Article
Cybersecurity

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

The Hacker News 4h ago Jun 15, 2026 1 min read

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researc…

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were
This is a summary curated by STELNEX. Read the complete article at The Hacker News.
Read full article →
SHARE

More in Cybersecurity

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

The Hacker News · 3h ago

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

The Hacker News · 5h ago

The Onboarding Password Mistake That Creates Unnecessary Risk

The Hacker News · 8h ago