Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft 365 Copilot work tab DLP bypass security flaw

Vulnerability
First reported
Last updated
Happening score
H score 14
1 unique sources, 2 articles

Summary

Hide ▲

Microsoft 365 Copilot has a DLP-bypass vulnerability in its work tab chat that can summarize confidential email content, creating a risk that protected messages are processed by automated tools. The flaw affects mail stored in Sent Items and Drafts, including messages with confidentiality and sensitivity labels. Microsoft says a fix began rolling out in early February while it continues to monitor the deployment.

Related Happenings

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
First: 15.05.2026 09:19 Last: 15.05.2026 09:19 Sources 1

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing/XSS** flaw in **on-premises Microsoft Exchange Server** that can let attackers trigger **arbitrary JavaScript** in a bro...

Open Happening

Microsoft Windows 365 Office installation disruption

Service Disruption
First: 13.05.2026 14:53 Last: 13.05.2026 14:53 Sources 1

About this happening: The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....

Open Happening

Microsoft Windows RDP security warning dialog rendering issue after April 2026 updates

Security Tool/Service
First: 28.04.2026 12:51 Last: 28.04.2026 12:51 Sources 1

About this happening: **Microsoft** confirmed that newly introduced **Windows security warnings** for opening **Remote Desktop (.rdp) files** can display incorrectly, reducing users' ability to review...

Open Happening

Microsoft Outlook.com outage causing sign-in failures

Service Disruption
First: 27.04.2026 15:03 Last: 27.04.2026 15:03 Sources 1

About this happening: Microsoft's **Outlook.com** is experiencing an **ongoing outage** that is blocking sign-ins and mailbox access, leaving some customers unable to use email normally. The disruption...

Open Happening

Microsoft Edge regression disrupts Teams meeting joins

Service Disruption
First: 23.04.2026 16:18 Last: 23.04.2026 16:18 Sources 1

About this happening: A **Microsoft Edge** regression is preventing some **Windows** users from joining **Microsoft Teams** meetings, causing a limited-scope access disruption for scheduled and link-ba...

Open Happening

Timeline

  1. 18.02.2026 14:03 2 articles · 3mo ago

    Microsoft 365 Copilot work tab bug detected

    Detection Ioc Update

    Microsoft identified a Microsoft 365 Copilot work tab chat bug on January 21 that incorrectly reads and summarizes emails stored in users' Sent Items and Drafts folders, including messages with confidentiality labels and configured DLP policies meant to restrict automated access.

    Show sources
    Open in new tab
  2. 18.02.2026 14:03 2 articles · 3mo ago

    Microsoft begins fix rollout and monitors Copilot issue

    Mitigation Patch Update

    Microsoft confirmed an unspecified code error, said it began rolling out a fix in early February for the Microsoft 365 Copilot work tab issue, and said it is monitoring deployment while reaching out to a subset of affected users to verify that the fix is working.

    Show sources
    Open in new tab