BREAKING
SearchLeak: One-Click Copilot Flaw
CVE-2026-42824 at a Glance
TargetCopilot
Enterprise Search
Microsoft Graph permissions
Data at RiskCritical
Email, files, calendar
Even MFA and OTP codes
How the Attack Chain Worked
1Click trusted URL
2P2P prompt injection
3img race condition
4SSRF bypass CSP
Legit Domain Beats URL Filters
Echoes of EchoLeak and Reprompt
Patched, No Known Exploitation
AI NEWS BLITZ
A one-click flaw in Microsoft 365 Copilot could leak your data, and it's now patched.