THREAT OPS › Threat News › SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
<p><a href="https://www.varonis.com/varonis-threat-labs?hsLang=en">Varonis Threat Labs</a> has uncovered a new three-stage vulnerability chain that turns Microsoft 365 Copilot Enterprise Search into a silent data exfiltration weapon.</p> <p>Dubbed SearchLeak, the chain combines a relatively new class of AI-specific vulnerability known as Parameter-to-Prompt Injection (P2P) with two classic web s
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-42824cve
- https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=<PROMPT>url
- attacker.comdomain
- bing.comdomain
- www.bing.comdomain
- track.hubspot.comdomain
- 2fwww.varonis.comdomain
- 252fwww.varonis.comdomain
Original source: https://www.varonis.com/blog/searchleak