Researchers Uncover "Reprompt" Attack Exploiting Microsoft Copilot to Steal Sensitive Data

Researchers from the company Varonis have identified an attack named Reprompt, which allows attackers to hijack Microsoft Copilot sessions and exfiltrate sensitive data. Exploiting this vulnerability required only a click on a malicious link, without the need for plugins or complex manipulations. No specific date or additional technical details (such as CVE references) are mentioned. The impact includes the theft of confidential data through the hijacking of active sessions. Source: https://xakep.ru/2026/01/16/reprompt/