Skip to content
users

users

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

To bring about the Parameter-to-Prompt Injection an attacker sends the target an email that contains the URL with the syntax https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=. The field contains an instruction. Copilot readily complied. “The search functionality is exactly what…