Critical Copilot vulnerability allowed hackers to seal 2FA code from users
To bring about the Parameter-to-Prompt Injection an attacker sends the target an email that contains the URL with the syntax https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=. The field contains an instruction. Copilot readily complied. “The search functionality is exactly what attackers need, because even with limited capabilities, a user with access to critical information is enough,” the researchers wrote Monday.… Read More: Critical Copilot vulnerability allowed hackers to seal 2FA code from… »