Tag: Microsoft 365
Critical SearchLeak Chain Enabled One-Click Data Theft via Microsoft 365 Copilot
The SearchLeak chain weaponized three vulnerabilities in Microsoft 365 Copilot to exfiltrate sensitive data before server side sanitization could stop…
Device Code Phishing Campaigns Exploit Microsoft Authentication Flow
Cybercriminals are using Microsoft's OAuth device authorization flow to steal authentication tokens through phishing campaigns that bypass traditional security tools.