A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked. (opens in new tab)

Security researchers at Varonis Threat Labs have disclosed a vulnerability chain in Microsoft 365 Copilot Enterprise Search that could have let an attacker steal emails, calendar entries, and indexed files with a single click. The attack, which Varonis calls SearchLeak, worked through a crafted URL on a legitimate microsoft.com domain, meaning traditional anti-phishing and URL […] at The Next Web