> TritonInfoSec News
Home / Jun 16, 2026 / Story
0
#4 BleepingComputer general June 15, 2026 at 13:00 UTC

New attack turned Microsoft 365 Copilot into 1-click data theft tool

By Bill Toulas

AI Summary

Varonis Threat Labs disclosed 'SearchLeak,' a three-bug chain in Microsoft 365 Copilot Enterprise that allowed a single click on a legitimate microsoft.com URL to exfiltrate emails, OneDrive files, SharePoint content, and MFA codes. The attack exploited trusted domain infrastructure, bypassing standard URL filtering and anti-phishing controls; the vulnerability has since been patched by Microsoft.

Read full article → https://www.bleepingcomputer.com/news/security/new…

Relevance score: 83.0/100

# More from June 16

  1. 1
    Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw The Hacker News
  2. 2
    Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks BleepingComputer
  3. 3
    Chinese hackers breach REDCap servers, steal medical research BleepingComputer
  4. 5
    FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service SecurityWeek
  5. 6
    Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites The Hacker News
  6. 7
    French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker SecurityWeek
  7. 8
    Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges SecurityWeek
  8. 9
    Infinite Campus data breach affects 137,000 school staff accounts BleepingComputer
  9. 10
    Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer SecurityWeek