> TritonInfoSec News
Home / Jun 17, 2026 / Story
0
#5 The Hacker News general June 15, 2026 at 15:09 UTC

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

By [email protected] (The Hacker News)

AI Summary

Varonis Threat Labs disclosed a three-bug chain called SearchLeak in Microsoft 365 Copilot Enterprise Search, exploitable with a single click on a legitimate microsoft.com domain link. The attack could exfiltrate emails, calendar entries, indexed files, and MFA codes without triggering URL filtering or anti-phishing tools — Microsoft has since patched the vulnerability.

Read full article → https://thehackernews.com/2026/06/one-click-micros…

Relevance score: 83.0/100

# More from June 17

  1. 1
    Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week The Hacker News
  2. 2
    China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth The Hacker News
  3. 3
    Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw The Hacker News
  4. 4
    Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails The Hacker News
  5. 6
    Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages SecurityWeek
  6. 7
    CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation The Hacker News
  7. 8
    Ransomware gang abuses Microsoft Teams relays to hide malicious traffic BleepingComputer
  8. 9
    Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware The Hacker News
  9. 10
    OptinMonster WordPress plugin hacked in CDN supply-chain attack BleepingComputer