THREAT OPS › Threat News › Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)
Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)
<p>This is a writeup of my <a href="https://defcon.org/html/defcon-singapore/dc-singapore-talks.html">DEF CON Singapore</a> talk that walks through vulnerabilities and exploits in M365 Copilot and Consumer Copilot. I disclosed these to Microsoft last year. MSRC assigned <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24299">CVE-2026-24299</a> and the issues are now pa
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Indicators of compromise
- CVE-2026-24299cve
- https://defcon.org/html/defcon-singapore/dc-singapore-talks.htmlurl
Original source: https://embracethered.com/blog/posts/2026/defcon-talk-copirate-365/