In a nutshell: Attack exploits security flaw in Copilot Enterprise for one-click data theft from Microsoft productivity platforms.
A vulnerability chain called SearchLeak in Microsoft 365 Copilot Enterprise allows attackers to extract sensitive data from a target user’s mailbox, OneDrive or SharePoint through a specially crafted URL.
A vulnerability chain designated SearchLeak has been identified in Microsoft 365 Copilot Enterprise. It enables attackers to access confidential data from cloud storage and email systems of target users. The attack works via a specially crafted URL that a user only needs to click to trigger the theft – without requiring any further user interaction.
The vulnerability affects the search functionality in Copilot Enterprise and makes it possible to extract confidential content from multiple Microsoft services: emails from Exchange, files from OneDrive, and documents and data from SharePoint instances. This poses a critical risk particularly for enterprises that operate Copilot Enterprise productively in their cloud infrastructure.
For CISOs, this security flaw represents an immediate threat to all Copilot Enterprise implementations. The one-click nature of the attack significantly lowers the technical barrier to successful attacks. Employees can be tricked via social engineering or crafted links in emails to open the URL without requiring any additional malware or exploitable user behavior.
It is recommended to review the current status of Microsoft 365 Copilot Enterprise in your infrastructure, apply security patches promptly, and educate users not to click on suspicious links.
Source: www.bleepingcomputer.com · Published 15 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.