A critical vulnerability chain in Microsoft 365 Copilot Enterprise has been patched after researchers demonstrated that a single click on a legitimate Microsoft domain link could silently steal sensitive corporate data, including MFA codes, email contents, calendar details, and confidential files, with no user interaction beyond that click. Dubbed SearchLeak and tracked as CVE-2026-42824, the flaw was uncovered […]
The post Critical SearchLeak Vulnerability Lets Attackers Steal Emails, MFA Codes, and Files via Microsoft 365 Copilot appeared first on Cyber Security News.