Hackers exploit Copilot flaw to siphon off 2FA codes from unsuspecting users
Security

Hackers exploit Copilot flaw to siphon off 2FA codes from unsuspecting users

Microsoft recently addressed a critical vulnerability in its M365 Copilot AI that could expose 2FA codes and sensitive data, highlighting security challenges in AI responses.

Editorial
Editorial Staff
4 hours ago 1 min read
NeboAI I summarize the news with data, figures and context
IN 30 SECONDS

35 sec read time You saved ~1 min
IN 1 SENTENCE

SENTIMENT
Neutral

𒀭
NeboAI is working, please wait...
Preparing detailed analysis
Quick summary completed
Extracting data, figures and quotes...
Identifying key players and context
DETAILED ANALYSIS
SHARE
Was this helpful?

NeboAI produces automated editions of journalistic texts in the form of summaries and analyses. Its experimental results are based on artificial intelligence. As an AI edition, texts may occasionally contain errors, omissions, incorrect data relationships and other unforeseen inaccuracies. We recommend verifying the content.

© NeboAI 2025 About Nebo

Last Tuesday, Microsoft implemented a critical patch for a vulnerability in its M365 Copilot AI platform. This issue was identified by researchers who disclosed that their proof-of-concept exploit could access two-factor authentication codes and other sensitive information from emails utilized by the Copilot feature.

The exploit stems from a fundamental flaw in how AI systems interpret user instructions versus third-party content. This vulnerability has left Microsoft and its peers struggling to build effective safeguards against unauthorized data extraction. Hackers have devised methods to bypass existing guardrails by using markup languages, which allow for the embedding of sensitive data in ways that can evade detection.

Among the guardrails established by Microsoft, one restricts Copilot from submitting forms or sending emails that might lead to data breaches. However, researchers from Varonis discovered a technique known as Parameter-to-Prompt Injection, which manipulates URL parameters to execute malicious commands, posing a significant threat to data security.

Tags: microsoft m365 copilot ai security vulnerability patch parameter-to-prompt injection cybersecurity
Want to read the full article? Access the original article with all the details.
Read Original Article
TL;DR

This article is an original summary for informational purposes. Image credits and full coverage at the original source. · View Content Policy

Editorial
Editorial Staff

Our editorial team works around the clock to bring you the latest tech news, trends, and insights from the industry. We cover everything from artificial intelligence breakthroughs to startup funding rounds, gadget launches, and cybersecurity threats. Our mission is to keep you informed with accurate, timely, and relevant technology coverage.

9468 articles →

Related Articles

Meta's Smart Glasses Raise Privacy Concerns with Police-Grade Facial Recognition Test

New Windows Backdoor Poses Significant Threat to U.S. Businesses Amid Rising Cyberattacks

AI-Hacking Threat Exposed: Crypto Token Losses Reach Unprecedented Levels

Nintendo Faces Potential Fallout as Hacker Group Demands $2 Million Ransom for Stolen Data

ShinyHunters Breaches Council of Europe, Exposing Sensitive Data Risks

Nintendo faces potential fallout as hacker reveals stolen HR data from TINYpulse breach

FBI on High Alert as Iranian Hackers Target World Cup Drones with Threatening Message

Old Wi-Fi Routers Compromised: FBI Warns of Russian Hacking Threat to Users

Handala's Cal Water Hacking Claim Raises Alarms Among Security Experts
Press Enter to search or ESC to close