Three chained bugs in Microsoft 365 Copilot allowed attackers to exfiltrate corporate data via a legitimate microsoft.com link, which traditional anti-phishing filters did not block because they do not block legitimate sources.
Grammar-Constrained Decoding (GCD), a technique for ensuring syntactically correct code, gives attackers a new jailbreak method with a success rate more than 30 percentage points higher than previous approaches.
The 206 patched vulnerabilities include 56 remote code execution and 63 privilege escalation flaws; 39 are classified as critical, and three are publicly disclosed zero-days.