Microsoft recently addressed a maximum severity vulnerability in Copilot for Microsoft 365 identified as CVE-2026-42824. The flaw, dubbed SearchLeak, allowed attackers to exfiltrate sensitive data through a single-click exploit involving a specially crafted URL. This vulnerability highlights the ongoing difficulty AI models face in distinguishing between legitimate user instructions and malicious prompts embedded in third-party content. <a href="

Read the original article