4 articles tagged with "Copilot"
CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 allowed information disclosure via injection attacks in Microsoft 365 Copilot. No admin action required.
CVE-2026-26144 allows attackers to silently exfiltrate sensitive data through Microsoft Copilot Agent without user interaction. Patch now or disable Copilot.
Microsoft confirms Copilot bug bypassed DLP policies, reading confidential emails without authorization. European Parliament blocked Copilot over concerns.
Varonis researchers disclosed a vulnerability chain that let attackers exfiltrate user data through Copilot with a single malicious link click. Microsoft has patched the issue.