SearchLeak attack turns Microsoft 365 Copilot into one-click data theft tool
2 hours ago
4 languages, 5 countries, 6 sources
Security researchers at Varonis Threat Labs discovered a vulnerability chain called SearchLeak in Microsoft 365 Copilot Enterprise. The exploit allows attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL, using Bing as a proxy server for data exfiltration.
How outlets framed it
The British and US sources focus on the technical exploit chain and the immediate risk of data theft from Microsoft 365 Copilot, emphasizing the need for patching. The French sources highlight the silent, spy-like nature of the attack and the role of Bing as an exfiltration relay. The Russian source describes the attack as a clever chain involving browser features and Bing as a proxy, while the Turkish source is entirely unrelated, reporting on Microsoft 365 Copilot's adoption in the UK's healthcare sector for efficiency, with no mention of security vulnerabilities.

Also covering:
TechRadar
Microsoft 365 Copilot can be turned into a one-click data theft tool — inbox, OneDrive, and SharePoint data all at risk, so patch now
BleepingComputer
New attack turned Microsoft 365 Copilot into 1-click data theft tool
Numerama
SearchLeak: the silent flaw that turned Microsoft 365 Copilot into a snitch
Clubic
How Microsoft 365 Copilot was able to turn Bing into an exfiltration relay for your data
3DNews
Microsoft 365 Copilot adapted for stealing corporate data in an ingenious chain
ShiftDelete.Net
Microsoft 365 Copilot Revolutionized the Healthcare Sector