> TritonInfoSec News
Home / Jun 18, 2026 / Story
0
#9 Ars Technica Security general June 16, 2026 at 11:15 UTC

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

By Dan Goodin

AI Summary

A critical vulnerability dubbed 'SearchLeak' in Microsoft Copilot allowed attackers to steal users' 2FA codes via prompt injection, demonstrating once again that LLM-integrated tools inherit and amplify traditional web security flaws. The exploit illustrates how indirect prompt injection through search results can weaponize AI assistants against the very users they serve.

Read full article → https://arstechnica.com/security/2026/06/critical-…

Relevance score: 78.0/100

# More from June 18

  1. 1
    Massive breach spills credentials for thousands of sensitive networks Ars Technica Security
  2. 2
    FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. BleepingComputer
  3. 3
    Critical Fortinet FortiSandbox flaws now exploited in attacks BleepingComputer
  4. 4
    Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development The Hacker News
  5. 5
    144 Mastra npm Packages Compromised via Hijacked Contributor Account The Hacker News
  6. 6
    CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution The Hacker News
  7. 7
    Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack SecurityWeek
  8. 8
    GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say The Record
  9. 10
    Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats The Hacker News