Data Voids: How to Turn Microsoft CoPilot LLM in a Malware Spreading Vector
What happens if an attacker manages to exploit the trust that a user (or a system) places in CoPilot to instruct a malicious behavior disguised as a legitimate function? This is precisely the goal of…
Read the full articleYou might also wanna read
Microsoft Copilot Security Vulnerability Allows File Access Without Audit Logging
Copilot Broke Your Audit Log, but Microsoft Won’t Tell You
Microsoft Copilot Cowork Vulnerability Enables File Exfiltration via Prompt Injection
A newspaper-style front page for Hacker News.
SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
Varonis Threat Labs discovered SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows an attacker to ste
Microsoft 365 Copilot Vulnerability: Mermaid Diagram Attack Enables Data Exfiltration
When Microsoft 365 Copilot (M365 Copilot) was asked to summarize a specially crafted Microsoft Office document, an indirect prompt injection
adamlogue.com·8mo agoSearchLeak: Three-Bug Chain in Microsoft 365 Copilot Could Enable One-Click Data Exfiltration
SearchLeak chains three bugs to enable one-click exfiltration from Microsoft 365 Copilot Enterprise Search, pulling emails, calendar details
Microsoft Copilot Cowork Vulnerability Enables File Exfiltration via Indirect Prompt Injection
Microsoft Copilot Cowork is vulnerable to file exfiltration attacks via indirect prompt injection as a result of insecure automatic action a
promptarmor.com·1mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.