SearchLeak: Exploiting M365 Copilot for One-Click Data Exfiltration

The post references a report titled SearchLeak, detailing how researchers demonstrated a method to exploit Microsoft 365 Copilot for automated data exfiltration. The technique reportedly allows attackers to extract sensitive information with minimal user interaction, functioning as a 'one-click' attack. The linked blog post from Varonis provides further details on the vulnerability and its potential impact.