
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A critical vulnerability in Microsoft 365 Copilot Enterprise Search allowed attackers to steal emails, files, and MFA codes through a single malicious click. The flaw chained three bugs, including prompt injection, and used Bing image search to exfiltrate data, bypassing standard security controls. All M365 Copilot Enterprise users are affected until backend mitigations are verified.

CRITICAL | Advisory | Jun 16, 2026
Action required
Immediately audit M365 Copilot Enterprise access logs for suspicious Bing image search requests and anomalous data access patterns. Cross-reference with email and file exfiltration indicators. Escalate any suspicious activity for credential review and MFA reset.
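The audit step above calls for picking suspicious Bing image search requests out of Copilot access logs. The script below is an added example of that triage, not code from this advisory, from Microsoft, or from Varonis Threat Labs. It assumes a simplified record shape (fields `time`, `user`, `source`, `url`), assumed Bing image hosts, and assumed thresholds; the sample records are constructed for illustration. Adapt the field names and thresholds to what your SIEM actually exports from the M365 unified audit log. It flags two things a defender would want surfaced: image search URLs whose query parameters look like encoded data rather than search terms, and users generating a burst of Copilot-originated image requests.

```python
import math
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlparse

# --- Detection thresholds (assumptions; tune to your tenant's baseline) ---
BING_IMAGE_HOSTS = {"www.bing.com", "th.bing.com"}  # assumed hosts, for illustration only
LONG_VALUE_CHARS = 200    # a single query parameter longer than this is unusual for a search term
HIGH_ENTROPY_BITS = 4.5   # bits/char typical of base64/hex blobs, not of natural-language words
MIN_BLOB_CHARS = 32       # only apply the entropy test to values long enough to be meaningful
BURST_THRESHOLD = 5       # Copilot image requests by one user within the reviewed window


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical character distribution of s."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_bing_image_request(url: str) -> bool:
    """True when the URL targets an (assumed) Bing image search endpoint."""
    p = urlparse(url)
    return p.netloc.lower() in BING_IMAGE_HOSTS and p.path.lower().startswith("/images")


def suspicious_query_reasons(url: str) -> list[str]:
    """Human-readable reasons a Bing image URL looks like it carries data, not a search term."""
    reasons = []
    for name, values in parse_qs(urlparse(url).query, keep_blank_values=True).items():
        for v in values:
            if len(v) > LONG_VALUE_CHARS:
                reasons.append(f"parameter '{name}' is {len(v)} chars long")
            elif len(v) >= MIN_BLOB_CHARS and shannon_entropy(v) >= HIGH_ENTROPY_BITS:
                reasons.append(f"parameter '{name}' looks like an encoded blob "
                               f"({shannon_entropy(v):.1f} bits/char)")
    return reasons


def triage(records: list[dict]) -> dict:
    """Return per-request findings and per-user bursts for Copilot-sourced image requests."""
    findings = []
    per_user = defaultdict(int)
    for r in records:
        if r.get("source") != "Copilot":      # interactive browser traffic is out of scope here
            continue
        url = r.get("url", "")
        if not is_bing_image_request(url):
            continue
        per_user[r["user"]] += 1
        reasons = suspicious_query_reasons(url)
        if reasons:
            findings.append({"user": r["user"], "time": r["time"], "url": url, "reasons": reasons})
    bursts = {u: n for u, n in per_user.items() if n >= BURST_THRESHOLD}
    return {"findings": findings, "bursts": bursts}


# --- Constructed sample records (not real log data) ---
BASE64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

SAMPLE_RECORDS = [
    # benign: an ordinary image search with a short, wordlike query
    {"time": "2026-06-16T09:01:00Z", "user": "alice@example.test", "source": "Copilot",
     "url": "https://www.bing.com/images/search?q=office+floor+plan"},
    # suspicious: the query parameter is a 64-char high-entropy blob
    {"time": "2026-06-16T09:02:10Z", "user": "bob@example.test", "source": "Copilot",
     "url": "https://th.bing.com/images/search?q=" + BASE64_ALPHABET},
    # suspicious: the query parameter is far longer than any search term (280 chars)
    {"time": "2026-06-16T09:02:45Z", "user": "bob@example.test", "source": "Copilot",
     "url": "https://www.bing.com/images/search?q=" + "payload" * 40},
    # not an image search request at all
    {"time": "2026-06-16T09:03:00Z", "user": "carol@example.test", "source": "Copilot",
     "url": "https://graph.microsoft.com/v1.0/me/messages"},
    # same blob, but from a browser session rather than Copilot: ignored by this triage
    {"time": "2026-06-16T09:04:00Z", "user": "dave@example.test", "source": "Browser",
     "url": "https://www.bing.com/images/search?q=" + BASE64_ALPHABET},
] + [
    # burst: one user issuing BURST_THRESHOLD benign-looking image requests in a row
    {"time": f"2026-06-16T09:05:{i:02d}Z", "user": "eve@example.test", "source": "Copilot",
     "url": f"https://www.bing.com/images/search?q=quarterly+chart+{i}"}
    for i in range(BURST_THRESHOLD)
]

if __name__ == "__main__":
    result = triage(SAMPLE_RECORDS)
    for f in result["findings"]:
        print(f["time"], f["user"], "; ".join(f["reasons"]))
    for user, n in result["bursts"].items():
        print(f"burst: {user} made {n} Copilot image requests")
```

Both heuristics are deliberately simple and should be tuned against a baseline of normal Copilot image requests for the tenant; a legitimate search term is short and low-entropy, so long or base64-looking parameter values are the thing worth escalating for the credential review and MFA reset the advisory calls for.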
Affected products
Microsoft 365 Copilot Enterprise Search, Microsoft, Copilot Personal, Varonis Threat Labs