New ‘Reprompt’ Attack Silently Siphons Microsoft Copilot Data

Researchers have identified a new vulnerability in Microsoft Copilot.

Security researchers identified Reprompt, a single‑click attack that uses malicious URLs to inject hidden prompts into Microsoft Copilot, silently exfiltrating user data. By exploiting Copilot’s ‘q’ URL parameter, double‑request loopholes, and chained instructions, attackers could bypass data‑leak protections and persistently extract information even after the chat window closed. The technique enabled sensitive data exposure, including secret phrases, query histories, and other personal details, without user awareness. Microsoft has patched the vulnerability, and the issue did not affect Microsoft 365 Copilot enterprise deployments.
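For defenders, one way to triage links that pre-fill an assistant prompt through a `q` URL parameter, as described above. This is an added example, not code from the researchers or Microsoft; the hostname `copilot.example.test` is a placeholder, and the length threshold and reason labels are assumptions to tune locally.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Placeholder hostname (assumption): substitute the assistant hosts you monitor.
WATCHED_HOSTS = {"copilot.example.test"}
MAX_BENIGN_LEN = 200          # assumed cut-off for an ordinary shared query
URL_RE = re.compile(r"https?://", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Undo extra layers of percent-encoding left after the first decode."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def review_link(url):
    """Return sorted reason labels for a link that pre-fills a prompt via 'q'."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in WATCHED_HOSTS:
        return []
    reasons = set()
    # parse_qs performs the first round of percent-decoding.
    for once_decoded in parse_qs(parts.query).get("q", []):
        text = fully_decode(once_decoded)
        reasons.add("prefilled-prompt")
        if text != once_decoded:
            reasons.add("multi-encoded")      # prompt hidden behind nested encoding
        if URL_RE.search(text):
            reasons.add("prompt-embeds-url")  # prompt points the assistant at a URL
        if len(text) > MAX_BENIGN_LEN:
            reasons.add("long-prompt")
    return sorted(reasons)


def triage(urls):
    """Keep links whose prompt shows more than a plain pre-filled query."""
    flagged = {}
    for url in urls:
        reasons = review_link(url)
        if len(reasons) > 1:
            flagged[url] = reasons
    return flagged
```

Run `triage()` over URLs extracted from mail gateway or proxy logs; a plain pre-filled query alone is not flagged.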

Read more:

https://www.securityweek.com/new-reprompt-attack-silently-siphons-microsoft-copilot-data/