Microsoft Copilot Reprompt prompt-injection security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Reprompt is a Microsoft Copilot prompt-injection flaw that can let a crafted URL trigger invisible data exfiltration from an authenticated session. The abuse path uses the 'q' parameter and can be reached with a single click on a legitimate Microsoft link, without plugins or direct user interaction with Copilot. Microsoft addressed the issue after disclosure, and the flaw does not affect Microsoft 365 Copilot.
Related Happenings
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical Analysis
H score22
First: 08.07.2026 14:21
Last: 08.07.2026 14:21
Sources 1
About this happening:
Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files
Technical AnalysisAbout this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...
Microsoft 365 Copilot Enterprise SearchLeak remote code execution flaw (CVE-2026-42824)
Vulnerability
H score34
First: 15.06.2026 16:00
Last: 15.06.2026 16:00
Sources 1
About this happening:
**Microsoft 365 Copilot Enterprise Search** has a **critical** vulnerability chain, **SearchLeak**, that could let a user leak **emails, calendar details, MFA codes, and indexed f...
Microsoft 365 Copilot Enterprise SearchLeak remote code execution flaw (CVE-2026-42824)
VulnerabilityAbout this happening: **Microsoft 365 Copilot Enterprise Search** has a **critical** vulnerability chain, **SearchLeak**, that could let a user leak **emails, calendar details, MFA codes, and indexed f...
Windows 11 BitLocker bypass YellowKey security flaw
Vulnerability
H score7
First: 14.05.2026 10:27
Last: 14.05.2026 10:27
Sources 1
About this happening:
**YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that affects the **Windows Recovery Environment (WinRE)** path and can expose **BitL...
Windows 11 BitLocker bypass YellowKey security flaw
VulnerabilityAbout this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that affects the **Windows Recovery Environment (WinRE)** path and can expose **BitL...
Latest development: 20.05.2026 10:31
Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.
Cursor IDE MCP deeplink code execution security flaw
Vulnerability
H score37
First: 17.03.2026 17:00
Last: 17.03.2026 17:00
Sources 1
About this happening:
A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...
Cursor IDE MCP deeplink code execution security flaw
VulnerabilityAbout this happening: A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...
Microsoft expands Purview DLP enforcement for Copilot across local and cloud Office files
Security Tool/Service
H score11
First: 24.02.2026 19:30
Last: 24.02.2026 19:30
Sources 1
About this happening:
Microsoft is expanding **Purview DLP** so **Microsoft 365 Copilot** cannot process restricted **Word, Excel, and PowerPoint** files stored on **local devices, SharePoint, or OneDr...
Microsoft expands Purview DLP enforcement for Copilot across local and cloud Office files
Security Tool/ServiceAbout this happening: Microsoft is expanding **Purview DLP** so **Microsoft 365 Copilot** cannot process restricted **Word, Excel, and PowerPoint** files stored on **local devices, SharePoint, or OneDr...
Timeline
-
14.01.2026 16:00 1 articles · 5mo ago
Varonis discloses Reprompt to Microsoft
Initial DisclosureVaronis responsibly disclosed Reprompt to Microsoft after finding that Microsoft Copilot can execute prompts carried in a URL's 'q' parameter, letting a single click trigger injected instructions against an authenticated session.
Show sources
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
-
14.01.2026 16:00 1 articles · 5mo ago
Microsoft fixes Reprompt in January 2026 Patch Tuesday
Mitigation Patch UpdateMicrosoft addressed the Reprompt flaw in January 2026 Patch Tuesday, and the remediation guidance is to apply the latest Windows security update to reduce risk from malicious Copilot links.
Show sources
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
-
14.01.2026 16:00 3 articles · 5mo ago
Varonis details the Reprompt attack chain
Technical Analysis UpdateVaronis described Reprompt as a Microsoft Copilot prompt-injection method that hides malicious instructions in a legitimate URL, uses the 'q' parameter to trigger actions, and can sustain invisible data exfiltration through P2P injection, a double-request technique, and a chain-request technique. The researchers said the attack can continue after the Copilot tab is closed, depends on the victim's authenticated session, and had not been detected in the wild.
Show sources
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
- Reprompt attack let hackers hijack Microsoft Copilot sessions — www.bleepingcomputer.com — 14.01.2026 16:00
- Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot — thehackernews.com — 15.01.2026 17:09