Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; Microsoft patched it in January 2026.
1don MSN
How this one-click Copilot attack bypassed security controls - and what Microsoft did about it
ZDNET's key takeaways Dubbed "Reprompt," the attack used a URL parameter to steal user data.A single click was enough to ...
Multiple Scripts: Add as many custom JavaScript snippets as you want. Organized UI: Each script is managed in its own collapsible section, keeping your configuration clean and easy to navigate. Enable ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback