Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft 365 Copilot work tab DLP bypass security flaw

Vulnerability
First reported
Last updated
Happening score
H score 18
1 unique sources, 2 articles

Summary

Hide ▲

Microsoft 365 Copilot has a DLP-bypass vulnerability in its work tab chat that can summarize confidential email content, creating a risk that protected messages are processed by automated tools. The flaw affects mail stored in Sent Items and Drafts, including messages with confidentiality and sensitivity labels. Microsoft says a fix began rolling out in early February while it continues to monitor the deployment.

Related Happenings

Microsoft 365 Copilot Enterprise SearchLeak remote code execution flaw (CVE-2026-42824)

Vulnerability
H score34 First: 15.06.2026 16:00 Last: 15.06.2026 16:00 Sources 1

About this happening: **Microsoft 365 Copilot Enterprise Search** has a **critical** vulnerability chain, **SearchLeak**, that could let a user leak **emails, calendar details, MFA codes, and indexed f...

Microsoft 365 Android apps token-sharing flaw (multiple vulnerabilities)

Vulnerability
H score21 First: 03.06.2026 17:56 Last: 03.06.2026 17:56 Sources 1

About this happening: **Microsoft 365 Android apps** were exposed by a leftover **setIsDebugMode(true)** flag that let same-device apps steal account tokens and act as the signed-in user. The flaw coul...

Microsoft Exchange Online mail flow disruption

Service Disruption
H score25 First: 02.06.2026 20:02 Last: 02.06.2026 20:02 Sources 1

About this happening: Microsoft is addressing a **widespread Exchange Online service disruption** that is delaying and failing email delivery for customers across **North America** and **Germany**. The...

Microsoft Exchange Server spoofing/XSS flaw under active exploitation (CVE-2026-42897)

Vulnerability
H score37 First: 15.05.2026 09:19 Last: 15.05.2026 09:19 Sources 1

About this happening: **CVE-2026-42897** is an **actively exploited** **spoofing** vulnerability in **on-premises Microsoft Exchange Server** that can lead to **arbitrary JavaScript execution** in a br...

Latest development: 09.06.2026 20:57

Microsoft identifies CVE-2026-42897 in Microsoft Exchange Server as an actively exploited spoofing vulnerability that can lead to JavaScript execution in a target’s browser when a specially crafted email is opened in Outlook Web Access under certain interaction conditions. Microsoft says mitigations are being pushed through the Exchange Emergency Mitigation Service while it continues work on the full update.

Microsoft Windows 365 Office installation disruption

Service Disruption
H score0 First: 13.05.2026 14:53 Last: 13.05.2026 14:53 Sources 1

About this happening: The **Windows 365** service update has introduced a **configuration change** that is blocking **Office downloads and installs** for some customers, disrupting access on cloud PCs....

Timeline

  1. 18.02.2026 14:03 2 articles · 4mo ago

    Microsoft 365 Copilot work tab bug detected

    Detection Ioc Update

    Microsoft identified a Microsoft 365 Copilot work tab chat bug on January 21 that incorrectly reads and summarizes emails stored in users' Sent Items and Drafts folders, including messages with confidentiality labels and configured DLP policies meant to restrict automated access.

    Show sources
  2. 18.02.2026 14:03 2 articles · 4mo ago

    Microsoft begins fix rollout and monitors Copilot issue

    Mitigation Patch Update

    Microsoft confirmed an unspecified code error, said it began rolling out a fix in early February for the Microsoft 365 Copilot work tab issue, and said it is monitoring deployment while reaching out to a subset of affected users to verify that the fix is working.

    Show sources