OneClick Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails Files and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails calendar details and indexed files out of Microsoft 365 Copilot Enterprise Search Researchers at Varonis Threat Labs chained three bugs into a oneclick exfiltration path they call SearchLeak Because the link pointed to a real microsoftcom domain traditional antiphishing and URL filtering tools were