Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; Microsoft patched it in January 2026.
Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data.
Users of widely used HR and ERP platforms targeted with malicious extensions which were available in the Chrome Web Store ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback