A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.
Security researchers at Varonis Threat Labs have disclosed a vulnerability chain in Microsoft 365 Copilot Enterprise Search that could have let an attacker steal emails, calendar entries, and indexed files with a single click. The attack, which Varonis calls SearchLeak, worked through a crafted URL on a legitimate microsoft.com domain, meaning traditional anti-phishing and URL […] This story continues at The Next Web
Security researchers identified a flaw in Microsoft 365 Copilot Enterprise Search that allowed unauthorized access to user data. The vulnerability could be exploited through a specially crafted URL on a trusted domain. Attackers could potentially steal emails, calendar data, and files with minimal interaction. The flaw was discovered by Varonis Threat Labs. The attack method bypassed standard phishing detection mechanisms. Microsoft has since addressed the issue. Users are advised to remain vigilant against suspicious links. This highlights the importance of continuous security monitoring.
It underscores the risks of even trusted domains being exploited for data breaches.
📌 Kaynak
Bu özet World kaynağından otomatik derlenmiştir. Tamamı için orijinal habere gidin.
Orijinal haberi oku →