A critical vulnerability chain named SearchLeak (CVE-2026-42824) affects Microsoft 365 Copilot Enterprise, allowing attackers to steal sensitive data including emails, calendar details, files, and MFA codes via a specially crafted URL.

Entities

MicrosoftVaronis Threat LabsMicrosoft 365 Copilot

Score total

1.33

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

The vulnerability was recently discovered and publicly disclosed, requiring immediate attention.
Attackers could exploit this flaw with minimal user interaction—a single click.
Organizations using Microsoft 365 Copilot Enterprise need to assess and mitigate this risk promptly.

Why it matters

The vulnerability enables attackers to bypass traditional anti-phishing defenses using legitimate microsoft.com URLs.
It exposes sensitive enterprise data including emails, files, and MFA codes, risking data breaches.
Highlights security risks in AI-powered enterprise tools like Microsoft 365 Copilot.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

SearchLeak vulnerability allows attackers to steal emails, files, calendar details, and MFA codes from Microsoft 365 Copilot Enterprise via a one-click attack.

How sources frame it

BleepingComputer: neutral

Consolidated multiple reports into a clear narrative emphasizing the criticality and unique bypass method of the SearchLeak vulnerability.

All evidence

SearchLeak vulnerability allows data theft from Microsoft 365 Copilot Enterprise

SC Media · scworld.com · 2026-06-15 22:53 UTC

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

thehackernews · thehackernews.com · 2026-06-15 15:09 UTC

New attack turned Microsoft 365 Copilot into 1-click data theft tool

bleepingcomputer_all · bleepingcomputer.com · 2026-06-15 13:00 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 3 / 0

Top publishers (this list)

SC Media (1)
thehackernews (1)
bleepingcomputer_all (1)

Top origin domains (this list)

scworld.com (1)
thehackernews.com (1)
bleepingcomputer.com (1)