A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data ...

FBI fights leaks by seizing Washington Post reporter’s phone, laptops, and watch

The FBI searched a Washington Post reporter’s home and seized her work and personal devices as part of an investigation into ...

FBI searches home of Washington Post journalist for classified documents, Bondi says

The FBI's search is part of a probe into a federal employee suspected of mishandling classified information, Attorney General ...

ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...

Your Copilot data can be hijacked with a single click - here's how

Attackers could pull sensitive Copilot data, even after the window closed. Researchers have revealed a new attack that requires only one click to execute, bypassing Microsoft Copilot security controls ...