Varonis Threat Labs uncovered SearchLeak, a one-click attack chain against Microsoft 365 Copilot Enterprise Search that could exfiltrate emails, calendar details, and indexed files through a trusted microsoft.com link. Microsoft assigned CVE-2026-42824 and mitigated the issue on the backend, while defenders are advised to monitor suspicious q-parameter payloads and unusual Bing image requests. #Microsoft365Copilot #SearchLeak #CVE-2026-42824 #VaronisThreatLabs #EchoLeak
Key points
- SearchLeak used a trusted Microsoft link to trigger one-click data theft.
- The attack chained prompt injection, a rendering race, and Bing image fetches.
- Microsoft assigned CVE-2026-42824 and mitigated the flaw on its backend.
- Attackers could steal MFA codes, password-reset links, calendar data, and SharePoint or OneDrive files.
- Defenders should watch for encoded q parameters and unusual Bing outbound requests.
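The last two key points describe two detection signals: encoded or oversized `q` parameters in links to microsoft.com, and bursts of outbound Bing image fetches. The script below is an added example (not from the original post, Varonis or Microsoft) that applies both checks to constructed proxy log lines. The log format, the thumbnail host pattern (`bing.com` hosts with a `/th` path) and the thresholds are assumptions to be tuned against your own baseline.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample proxy log lines ("<user> <method> <url>"); not real traffic.
SAMPLE_LOG = """\
alice GET https://www.microsoft.com/en-us/search?q=copilot%20licensing
bob GET https://www.microsoft.com/en-us/search?q=%73%75%6d%6d%61%72%69%7a%65%20%6d%79%20%69%6e%62%6f%78
bob GET https://th.bing.com/th?id=AAAAAAAAAAAAAAAAAAAA
bob GET https://th.bing.com/th?id=BBBBBBBBBBBBBBBBBBBB
bob GET https://th.bing.com/th?id=CCCCCCCCCCCCCCCCCCCC
alice GET https://th.bing.com/th?id=DDDDDDDDDDDDDDDDDDDD
"""

# Assumed thresholds; tune against a baseline of legitimate search traffic.
MAX_Q_LEN = 200          # a human-typed search query is far shorter than this
MAX_ENCODED_RATIO = 0.5  # share of the raw q value made up of %XX escapes
BING_IMAGE_BURST = 3     # image fetches by one user within the analysed window

_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def raw_q_values(url):
    """Return the q parameter values still percent-encoded (parse_qs would decode them)."""
    values = []
    for pair in urlsplit(url).query.split("&"):
        key, sep, value = pair.partition("=")
        if sep and key == "q":
            values.append(value)
    return values


def encoded_ratio(raw):
    """Fraction of the raw value occupied by %XX escapes (0.0 for an empty value)."""
    if not raw:
        return 0.0
    return 3 * len(_ESCAPE.findall(raw)) / len(raw)


def is_suspicious_q(url):
    """True when a microsoft.com URL carries an oversized or heavily encoded q value."""
    host = (urlsplit(url).hostname or "").lower()
    if host != "microsoft.com" and not host.endswith(".microsoft.com"):
        return False
    return any(len(v) > MAX_Q_LEN or encoded_ratio(v) > MAX_ENCODED_RATIO
               for v in raw_q_values(url))


def is_bing_image_fetch(url):
    """Assumption: thumbnail fetches go to a bing.com host under the /th path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return (host == "bing.com" or host.endswith(".bing.com")) and parts.path.startswith("/th")


def analyze(log_text):
    """Flag suspicious q parameters and per-user bursts of Bing image fetches."""
    suspicious = []
    image_fetches = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # malformed line: skip it rather than abort the run
        user, _method, url = fields
        if is_suspicious_q(url):
            suspicious.append((user, url))
        if is_bing_image_fetch(url):
            image_fetches[user] += 1
    bursts = sorted(u for u, n in image_fetches.items() if n >= BING_IMAGE_BURST)
    return {"suspicious_q": suspicious,
            "bing_image_fetches": image_fetches,
            "bing_bursts": bursts}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for user, url in result["suspicious_q"]:
        print(f"suspicious q parameter: user={user} url={url}")
    for user in result["bing_bursts"]:
        print(f"bing image burst: user={user} fetches={result['bing_image_fetches'][user]}")
```

The encoded-ratio check is a coarse heuristic: a legitimate query typed in a non-Latin script is also almost entirely `%XX` escapes once UTF-8 encoded, so in such environments the length threshold or a decode-and-inspect step is the more reliable of the two signals. The image-fetch count is only meaningful relative to how often users normally load Bing thumbnails, so measure that baseline before alerting on it.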
Read More: https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html