VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
Forbes

New Warning — Microsoft Copilot AI Can Access Restricted Passwords

Hackers have used Copilot AI to extract passwords from Microsoft SharePoint. As the name implies, Pen Test Partners is a company that specializes in security consulting, specifically penetration ...